It looks like my pam_unix2.conf file already has references to ldap. So
now my questions are:
1. Do I remove pam_unix.so and pam_ldap.so and use pam_unix2.so instead?
2. What will using pam_unix2.so buy me? The issue with expired passwords
I believe goes back to the ldap. I have actually found that I can expire
a password by changing shadowLastChanged to 0. However, ssh reacts weirdly
to this. I am informed of the expired password and that I must change it;
however, the ssh session is then closed by the remote host. By changing
my ACLs I can get to the point where shadowLastChanged is pretty much
ignored. I can't seem to find an in-between. Ideas?
Thanks!
Eric Sammons
(804)697-3925
FRIT - Unix Systems
"Sal Torres/SBC Inc." <[EMAIL PROTECTED]>
Sent by: Linux on 390 Port <[EMAIL PROTECTED]>
12/18/2003 09:30 AM
Please respond to Linux on 390 Port
To: [EMAIL PROTECTED]
cc:
Subject: Re: Anyone using OpenLDAP with SLES8? Question with Passwords
You could try using the "pam_unix2.so" module instead of "pam_ldap.so".
"pam_unix2.so" will call "pam_ldap.so" under the covers if you modify
"/etc/security/pam_unix2.conf".
Hope it helps. sal