On Thu, Sep 20, 2012 at 07:52:40PM -0400, Stile wrote: > I'm in the process of trying to set up a LTSP server on Ubuntu 12.04. > I've run into a bit of a problem. Ldm does not work for password > expiration. An expired password cannot be updated with ldm. It simply > restarts.
This is a long-standing and difficult problem... > I filed a bug at https://bugs.launchpad.net/ltsp/+bug/1053447 and It > seems Ubuntu doesn't want anything to do with it. I find that a bit > disturbing. That seems like a strange interpretation. Stéphane Graber described our plans for the future and suggested a possible workaround using a pre-login script. It's essentially unfixable given how LDM works- we would have to rewrite LDM because the ssh prompts for password expiration are inconsistant, and there's no predictible way across different versions of ssh, different versions of pam, different distros, different configurations of the aforementioned... there's no way to screen-scrape all permutations. So "wontfix" is an appropriate tag. For LTSP6 we're looking to use libpam-sshauth, which should be able to handle this properly. It's a non-trivial task; Help would be appreciated. > This server is going in an environment that has to maintain PCI > compliance. Part of complying with that standard is 90 day password > changes. Without the ability to update a users password, ltsp on a > 12.04 server is worthless in our case. > > There has to be other environments that require password expiration > out there. How is anyone getting around this? There are numerous workarounds- you could write an ldm hook that checks for password expiry, you could send people an email when their password is about to expire. I've basically just dealt with the fact that I need to manually reset people's passwords once in a while. So, there are some workarounds, there are some future plans for how to resolve this issue, but nothing comes easy. Good luck! live well, vagrant ------------------------------------------------------------------------------ Got visibility? Most devs has no idea what their production app looks like. Find out how fast your code is with AppDynamics Lite. http://ad.doubleclick.net/clk;262219671;13503038;y? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.freenode.net
