I have done that and it sort of worked. It seemed to take on the
characteristics thereafter of an ACL problem. By changing the ACLs I get
different behavior; however, I can't seem to find the right ACLs that
cause the implementation to work.
Do you have this working? Can I ask what your LDAP ACLs look like?
Thanks!
Eric Sammons
(804)697-3925
FRIT - Unix Systems
"Sal Torres/SBC Inc." <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
12/18/2003 10:03 AM
Please respond to Linux on 390 Port
To: [EMAIL PROTECTED]
cc:
Subject: Anyone using OpenLDAP with SLES8? Question with Passwords
Try to set the shadow last change to zero. pam_ldap is supposed to
expire the account:
...
if (session->info->shadow.lstchg == 0)
  {
    /*
     * Adhere to convention of a shadow last change
     * value of 0 implying that the password has
     * expired. Apparently this is documented in the
     * shadow suite (libmisc/isexpired.c).
     */
    session->info->password_expired = 1;
...
sal
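
The convention quoted above, worked through as an added example (not code from pam_ldap, the shadow suite, or either poster). It is a simplified model: the function and enum names are hypothetical, all values are days since 1970-01-01, -1 stands for an attribute that is absent from the entry as returned, and the sample values are constructed.

```c
#include <stdio.h>

/* Hypothetical result codes for this sketch. */
enum pw_state { PW_OK = 0, PW_MUST_CHANGE = 1, ACCT_EXPIRED = 2 };

/*
 * lstchg = shadowLastChange, max = shadowMax, expire = shadowExpire.
 * -1 means the attribute was not present in the entry as returned.
 */
enum pw_state shadow_state(long lstchg, long max, long expire, long today)
{
    /* The convention from the excerpt: last change of 0 means expired. */
    if (lstchg == 0)
        return PW_MUST_CHANGE;

    /* Account expiry date reached. */
    if (expire > 0 && today >= expire)
        return ACCT_EXPIRED;

    /* Without both aging values the password cannot expire by age. */
    if (lstchg < 0 || max < 0)
        return PW_OK;

    /* Ordinary aging: password older than shadowMax days. */
    if (today >= lstchg + max)
        return PW_MUST_CHANGE;

    return PW_OK;
}

int main(void)
{
    long today = 12404; /* constructed: 2003-12-18 as days since epoch */

    printf("lstchg=0      -> %d\n", shadow_state(0, 90, -1, today));
    printf("lstchg absent -> %d\n", shadow_state(-1, 90, -1, today));
    printf("changed today -> %d\n", shadow_state(today, 90, -1, today));
    printf("100 days old  -> %d\n", shadow_state(today - 100, 90, -1, today));
    printf("acct expired  -> %d\n", shadow_state(today, 90, today - 1, today));
    return 0;
}
```

In this model an entry whose shadowLastChange is absent behaves differently from one where it is 0: only the explicit 0 forces a password change.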