Hi, there are two schemes of password management with LDAP servers - the LDAP server supports attributes like 'shadowLastChange', 'shadowExpire' etc to store the relevant information at a central storage, but the evaluation is done on the client - the server supports password policies (see http://tools.ietf.org/html/draft-behera-ldap-password-policy-10 ) and all management and evaluation is done on the server side.
My question is whether we shall support the first one as a 'legacy' option (pam_ldap does), or if we should only implement to the second one? Btw. I think currently the LDAP component of IPA supports none of the above. bye, Sumit _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel