Mike Jackson
2007-Jan-29 21:37 UTC
Re: [Fedora-directory-users] How can I force All users to reset their passwords on next login?
Dave Augustus wrote:> Does FDS provide this feature?On next login to what? Mike -- http://www.netauth.com - LDAP Directory Consulting
Dave Augustus
2007-Jan-29 21:45 UTC
[Fedora-directory-users] How can I force All users to reset their passwords on next login?
Does FDS provide this feature?
Dave Augustus
2007-Jan-29 22:47 UTC
Re: [Fedora-directory-users] How can I force All users to reset their passwords on next login?
To set it to something that the user selects that complies with the current password policy. Dave On Mon, 2007-01-29 at 23:37 +0200, Mike Jackson wrote:> Dave Augustus wrote: > > Does FDS provide this feature? > > On next login to what? > > > Mike > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Richard Megginson
2007-Jan-29 22:50 UTC
Re: [Fedora-directory-users] How can I force All users to reset their passwords on next login?
Dave Augustus wrote:> To set it to something that the user selects that complies with the > current password policy. >It depends. On some platforms, PAM can understand the LDAP password policy settings, and on some it cannot. Of course, this only applies to PAM logins (i.e. OS logins). I assume you mean OS login via PAM LDAP. If not, then you''ll need to explain more about your app. Fedora DS password policy supports change at login - see http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1088351> Dave > > > On Mon, 2007-01-29 at 23:37 +0200, Mike Jackson wrote: > >> Dave Augustus wrote: >> >>> Does FDS provide this feature? >>> >> On next login to what? >> >> >> Mike >> -- >> Fedora-directory-users mailing list >> Fedora-directory-users@redhat.com >> https://www.redhat.com/mailman/listinfo/fedora-directory-users >> > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users >
Dennis Gilmore
2007-Jan-29 23:06 UTC
Re: [Fedora-directory-users] How can I force All users to reset their passwords on next login?
On Monday 29 January 2007 16:50, Richard Megginson wrote:> Dave Augustus wrote: > > To set it to something that the user selects that complies with the > > current password policy. > > It depends. On some platforms, PAM can understand the LDAP password > policy settings, and on some it cannot. Of course, this only applies to > PAM logins (i.e. OS logins). I assume you mean OS login via PAM LDAP. > If not, then you''ll need to explain more about your app. > > Fedora DS password policy supports change at login - see > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1088351 > >From Experience OSX does not support any kind of the Posix Password policyattributes. the only way there that i could find was to use Open Directory server to enforce them. It is indeed a very Os dependent process -- ,-._|\ Dennis Gilmore, RHCE /Aussie\ Proud Australian \_.--._/ | Aurora | Fedora | v
Dave Augustus
2007-Jan-29 23:24 UTC
Re: [Fedora-directory-users] How can I force All users to reset their passwords on next login?
We are migrating to well known CRM from an in-house app. This CRM can use LDAP for authentication. So far, so good. So we are preloading the directory with exported accounts from our old system. We want to harden the password requirements in the process. When we turn this on, we want to force everyone that logs in to create a new password, thereby enforcing our policy change. We currently have the PasswordMustChange set to ON. However, we aren''t seeing the expected behavior- that is, the end user is NOT prompted in any other fashion other than the normal login. Thanks, Dave On Mon, 2007-01-29 at 15:50 -0700, Richard Megginson wrote:> Dave Augustus wrote: > > To set it to something that the user selects that complies with the > > current password policy. > > > It depends. On some platforms, PAM can understand the LDAP password > policy settings, and on some it cannot. Of course, this only applies to > PAM logins (i.e. OS logins). I assume you mean OS login via PAM LDAP. > If not, then you''ll need to explain more about your app. > > Fedora DS password policy supports change at login - see > http://www.redhat.com/docs/manuals/dir-server/ag/7.1/password.html#1088351 > > Dave > > > > > > On Mon, 2007-01-29 at 23:37 +0200, Mike Jackson wrote: > > > >> Dave Augustus wrote: > >> > >>> Does FDS provide this feature? > >>> > >> On next login to what? > >> > >> > >> Mike > >> -- > >> Fedora-directory-users mailing list > >> Fedora-directory-users@redhat.com > >> https://www.redhat.com/mailman/listinfo/fedora-directory-users > >> > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users@redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
Dennis Gilmore
2007-Jan-29 23:36 UTC
Re: [Fedora-directory-users] How can I force All users to reset their passwords on next login?
On Monday 29 January 2007 17:24, Dave Augustus wrote:> We are migrating to well known CRM from an in-house app. This CRM can > use LDAP for authentication. So far, so good. So we are preloading the > directory with exported accounts from our old system. We want to harden > the password requirements in the process. > > When we turn this on, we want to force everyone that logs in to create a > new password, thereby enforcing our policy change. > > We currently have the PasswordMustChange set to ON. However, we aren''t > seeing the expected behavior- that is, the end user is NOT prompted in > any other fashion other than the normal login.So your CRM application needs to check for the password expiry flag. -- ,-._|\ Dennis Gilmore, RHCE /Aussie\ Proud Australian \_.--._/ | Aurora | Fedora | v