It looks like my pam_unix2.conf file already has references to ldap. So now my questions are:
1. Do I remove pam_unix.so and pam_ldap.so and use pam_unix2.so instead? 2. What will using pam_unix2.so buy me. The issue with expired passwords I believe goes back to the ldap. I have actually found that I can expire a password by changing shadowLastChanged to 0. However, ssh reacts weird to this. I am informed of the expired password and that I must change it; however, the ssh session is then closed by the remote host. My changing my ACLs I can get to the point where shadowLastChanged is pretty much ignored. I can't seem to find an in between? -- ideas? Thanks! Eric Sammons (804)697-3925 FRIT - Unix Systems "Sal Torres/SBC Inc." <[EMAIL PROTECTED]> Sent by: Linux on 390 Port <[EMAIL PROTECTED]> 12/18/2003 09:30 AM Please respond to Linux on 390 Port To: [EMAIL PROTECTED] cc: Subject: Re: Anyone using OpenLDAP with SLES8? Question with Passwords You could try using the "pam_unix2.so" module instead of "pam_ldap.so". "pam_unux2.so" will call "pam_ldap.so" under the covers if you modify "/etc/security/pam_unix2.conf". Hope it helps. sal