On Tue, Jul 06, 2010 at 10:22:10AM -0700, Jan Parcel wrote:
> pam_unix now supports shadow entries in ldap, allowing local control
> using ldap as
> a repository. See 6715171, long since put back.

Have the docs been updated to reflect this?

> On 07/06/10 06:37, Darren J Moffat wrote:
> >On 06/07/2010 14:13, Piotr Jasiukajtis wrote:
> >>How can I use account locking (lock_after_retries=yes) using LDAP
> >>naming service instead of passwd/shadow?
> >
> >You can't, in the user_attr(4) man page it clearly says:
> >
> >     lock_after_retries
> >
> >         Specifies whether an account is locked after the
> >         count of failed logins for a user equals or exceeds
> >         the allowed number of retries as defined by RETRIES
> >         in /etc/default/login. Possible values are yes or
> >         no. The default is no. Account locking is applicable
> >                                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >         only to local accounts.
> >         ^^^^^^^^^^^^^^^^^^^^^^^

-- 
Will Fiveash
Oracle
Austin, TX, USA
Internal Solaris Kerberos/GSS/SASL website: http://kerberos.sfbay.sun.com
http://opensolaris.org/os/project/kerberos/
Note my new work e-mail address: [email protected]
_______________________________________________
security-discuss mailing list
[email protected]
