Hallo everybody, We've got ca. 20 solaris boxes. Passwords on this boxes are not synchronized, we do not yet use pam_ldap. Besides of this, passwords expire every 30 days and as you can imagine, in arbitrary manner.
We have compiled MIT Kerberos and OpenSSH with Heimdal (mainly because OpenLDAP maling list insists on threading issues in GSSAPI from MIT). Now we have SSO. But there is a problem with security policies at our campus - if we do not change expired password during 90 days our accounts get revoked. What would you do in order to sort out this mess? I imagine we 1) have to synchronize our password via pam_ldap 2) synchronize our local passwords with Kerberos password via pam_krb5. Would it be correct approach? For me it sounds toooooo complicated. Thanx a lot in advance, vadim tarassov. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
