Hi list,
Has anyone worked with password aging (/etc/shadow and LDAP shadowAccount)?
I have tried many permutations on /etc/pam.d/login and sshd, and
/etc/nsswitch.conf. When I come in to a SLES-8+SP2 Linux via telnet and ssh
with a local user and LDAP user who both have expired passwords, I have
found:
| local user | OpenLDAP user
----------------------------------------------------
telnet | works - get prompted | no access
| for new password | "Login incorrect"
----------------------------------------------------
sshd | broken - I get in | no access
| with expired password | "Access denied"
So, I am only able to get 1 of the 4 permutations working.
-Mike MacIsaac, IBM mikemac at us.ibm.com (845) 433-7061
