Am Sat, 15 Feb 2014 16:28:34 -0600 (CST) schrieb Doug OLeary <[email protected]>:
> Hey; > > Apparently, in my efforts to be brief, I didn't adequately outline > the scenario. Users need to be able to change their own passwords > once their account is configured in ldap and assigned an initial > password. That's where pam comes in. Obviously, if I (or the user) > change a user's account via ldap commands, pam restrictions. > > I just verified that a test user can change his password to anything > he wants via ldappasswd (bad... but have to have access to the > command). > > I also verified that the pam configuration affects password selection > when the user is trying to change the password via the passwd > command. (got that working both locally and via ldap). > > So, I got the answer to my question and raised a bunch more potential > issues that I'll have to ponder. It is not PAM but the name service switch nss which can be configured to us ldap as credentials storage. -Dieter -- Dieter Klünter | Systemberatung http://sys4.de GPG Key ID: E9ED159B 53°37'09,95"N 10°08'02,42"E
