OpenSSH and Solaris 9/Native LDAP
Darren Tucker
dtucker at zip.com.au
Thu Sep 9 23:15:32 EST 2004
Covington, Jimmy D. (NGIT) wrote:
> I am trying to get the latest version of openssh to work on a Solaris 9
> native ldap client. We have a feature in ldap called "User must change
> password after reset" enabled. According to the openssh docs, it says that
> it will work with the "other" accounts listed in the /etc/pam.conf.
Actually it will use argv[0] (usually "sshd") if it's present, otherwise
it will use "other".
> We have
> tried a lot of different entries in the /etc/pam.conf. Does anyone have any
> ideas on how to get this to work?
Did you enable PAM at build time and in sshd_config (ie "UsePAM yes")?
If PAM reports the account's password is expired then sshd should force
a change.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list