I am working (with RH via Dell support) to solve an issue (that I believe to be
a pam_ldap issue). The problem is that the password policy control messaging
does not occur when I set 'pam_password md5', thus the Linux client never knows
that the password expires.
They have informed me that the password policy overlay in LDAP requires
clear-text passwords, and will not handle the password policy stuff if the
password is hashed. This makes no sense to me, since ppolicy is only handling
expiry times, etc. and pam is handling the rest (length, strength, etc., prior
to hash).
Does the ppolicy overlay require clear-text?
Thanks,
Joe
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141665/direct/01/
