I am using Solaris 8 with Sun ONE Directory Server 5.2 and I am
noticing some issues, and I don't know whether they are a bug or a
misconfiguration.
I have Solaris 8 secured LDAP clients using the tls:simple auth method to
Sun ONE DS 5.2. I converted from using NIS to LDAP - quite a chore.
Everything authenticates fine (if I use crypt encryption for
passwords).
Telnet, rsh, ssh (breaks if anything other than crypt), ftp - all
work.
The issue is that I do not get a warning that the password will expire
and you need a new one, or the password is expired (not sure if there
is supposed to be a warning), or warn that the password is reset and
needs a new one.
I have the backport patch at level: 108993-31
Here is my pam.conf (for the two mechs that pam_ldap works for in
Sol8):
passwd auth sufficient pam_passwd_auth.so.1
passwd auth required pam_ldap.so.1 use_first_pass
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth sufficient pam_unix_auth.so.1
login auth required pam_ldap.so.1 use_first_pass
login auth required pam_dial_auth.so.1
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth sufficient pam_unix_auth.so.1
rlogin auth required pam_ldap.so.1 use_first_pass
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth sufficient pam_unix_auth.so.1
rsh auth required pam_ldap.so.1 use_first_pass
#
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1 use_first_pass
Also, since I am specifying "use_first_pass" on the pam_ldap lines, why
does it ask for LDAP Password if the first one I use isn't right?
It should just use the first one like the man page says and not ask -
users get confused with this prompt as LDAP is new to them.
Is there anything I can do to get the warnings as I want users to
change passwords and I don't want to have to reset 200+ passwords in 3
months?
Thanks
Cade