Solaris 8 not giving password expire warning with ldap?

Solaris 8 not giving password expire warning with ldap?

Post by Cade » Fri, 13 Feb 2004 01:57:01

I am using Solaris 8 with Sun ONE Directory Server 5.2 and I am
noticing some issues that I don't know if it is a bug or a

I have Solaris 8 secured ldap clients using tls:simple auth method to
Sun ONE DS 5.2.  I converted from using NIS to LDAP - quite a chore.
Everyting authenticates fine (if I use crypt encryption for
Telnet, rsh, ssh (breaks if anything other than crypt), ftp - all

The issue is that I do not get a warning that the password will expire
and you need a new one, or the password is expired (not sure if there
is supposed to be a warning), or warn that the password is reset and
needs a new one.

I have the backport patch at level: 108993-31

Here is my pam.conf (for the two mechs that pam_ldap works for in
passwd  auth sufficient
passwd  auth required  use_first_pass
login   auth requisite
login   auth required 
login   auth sufficient
login   auth required  use_first_pass
login   auth required 
rlogin  auth sufficient
rlogin  auth requisite
rlogin  auth required 
rlogin  auth sufficient
rlogin   auth required  use_first_pass
rsh     auth sufficient
rsh     auth sufficient
rsh  auth required  use_first_pass
other   auth requisite
other   auth required 
other   auth sufficient
other   auth required  use_first_pass

Also since I am specifiying "use_first_pass" on the pam_ldap lines why
does it ask for LDAP Password if the first one I use isn't right?
It should just use the first one like the man page says and not ask -
users get confused with this prompt as LDAP is new to them.

Is there anything I can do to get the warnings as I want users to
change passwords and I don't want to have to reset 200+ passwords in 3



1. How can I get warned when an individual user's password is going to expired?

Hi, All,

          As a system administrator, is there a  way I can  check:
1.   The  password expire date for an individual user
2.   or the date of  Last_time that user changed his password
3.   or  a  message/log  that indicates an  users account will be
expired within few days.

    We are running Tacacs on AIX 4.2. Some users never got  "password
expire warning message" when their password expire  because they are not
regularly log onto AIX system.  These are router users,  their router
password are controlled by Tacacs and is linked to /etc/passwd file in
my AIX system.

2. Test Your Network Free for Two Weeks

3. ftp to Sun Ultra gives "password expired" error msg

4. modularization of setup_arch in 2.5.7

5. compiling PHP on Solaris with LDAP, but not SUN ldap

6. Help on Installing gcc-2.7.2

7. Pre expire password working in telnet not ssh

8. WinFast S680 tv-out

9. Passwords that do not expire

10. password expired, solaris 2.5.1 and NIS+

11. A Solaris beauty (Re: Expiring password)

12. "Warning: Pasting would not give a valid pre-processing token"

13. Reset of the Solaris 9 ldap admin password