 | | | Scratching my head over passwd- >LDAP | Scratching my head over passwd- >LDAP 2006-06-06 - By Stephen John Smoogen
Back
On 6/6/06, Doug Stewart <dstewart@(protected)> wrote:
> -- --BEGIN PGP SIGNED MESSAGE-- --
> Hash: SHA1
>
> Howdy all,
> I'm trying to migrate our RH systems from a traditional NIS backend to a
> Mac Xserve running OpenDirectory and the two great sticking points that
> I've encountered thus far are this:
>
> 1) I can't get passwd to correctly interact with the OD/LDAP server in
> order to allow users to change their own passwords. I suspect that
> there will need to be some pam tweaking, but I've not been able to
> determine the precise recipe for such as of yet. Does anyone have a
> nice step-by-step to make passwd Just Work(tm) for LDAP environments?
>
Different infrastructure... we use a webpage front end to change it..
that way we can get LDAP, AD, and Kerberos all updated at the same
time. Havent had much luck otherwise.. but havent delved much yet.
> 2) No active notification when passwords are about to expire and/or
> accounts are locked. Mac and Windows clients that bind to the OD server
> get notified on screen locks and logins when their passwords are about
> to expire or their accounts have been locked. Is there any way to do
> this for GDM/console users on Linux (Solaris is a bonus as well)?
>
Solaris 10 might have it with the latest nss_ldap and the latest
solaris Pam.. but I havent gotten that far in my testing cycle. At the
moment Solaris 8 is out of luck period it would seem.
I have not had much luck.. but we have a different infrastructure at
LM's SNL to email oyu when your password is dead.
--
Stephen J Smoogen.
CSIRT/Linux System Administrator
--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list
|
|
|