[ltb-dev] [LDAP Tool Box - Feature #714] (New) Add some attibutes sambaSamAccount/shadowAccount

Wed, 30 Jul 2014 07:51:52 -0700 

Issue #714 has been reported by Jarbas Peixoto Junior.

----------------------------------------
Feature #714: Add some attibutes sambaSamAccount/shadowAccount
http://tools.lsc-project.org/issues/714

Author: Jarbas Peixoto Junior
Status: New
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-?


When a password is changed and used by samba, it's interesting that the logged 
on Windows user received notification that your password has expired, but was 
not allowed to even change the password with a simple CTRL + ALT + DEL. 

The above same situation can be applied to Linux desktops. 

With the help of some attributes can force the user to know that your password 
has expired and at the same time does not allow it to be possible to change it 
in Windows / Linux. Thus the only alternative is to access the URL with that 
application, thus ensuring uniformity of validations. 

MaxPwdAge - Password Expiry (in days) 
MinPwdAge - How many days after I exchange again. 

Note: When MinPwdAge MaxPwdAge is larger than the exchange can be made only 
after the password expiration.

A code snippet (from lib/functions.inc.php) with the suggested changes is 
below: 

<pre>

...

    $PwdLastSet=time();         # Today - now
    $MaxPwdAge=45;              # Password Expiry (in days)
    $MinPwdAge=365;             # How many days after I exchange again

    # Set Samba password value
    if ( $samba_mode ) {
        $userdata["sambaNTPassword"] = make_md4_password($password);
        $userdata["sambaPwdLastSet"] = $PwdLastSet;                     # Now
        $userdata["sambaPwdMustChange"] = $PwdLastSet+$MaxPwdAge;       # So 
when the password is valid. 
        $userdata["sambaPwdCanChange"] = $PwdLastSet+$MinPwdAge;        # When 
you can change the password again.
    }

...

    # Shadow options
    if ( $shadow_options['update_shadowLastChange'] ) {
        $userdata["shadowLastChange"] = floor($PwdLastSet/60/60/24);    # When 
the password has been changed. 
        $userdata["shadowMax"] = floor($MaxPwdAge/60/60/24);            # 
Password Age (days).
        $userdata["shadowWarning"] = 7;                                 # How 
many days before expiry will be warned
    }

</pre>


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://tools.lsc-project.org/my/account

_______________________________________________
ltb-dev mailing list
[email protected]
http://lists.ltb-project.org/listinfo/ltb-dev

Reply via email to