[Bug 869] Password expiration does not work for LDAP users

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue May 18 08:40:10 EST 2004


           Summary: Password expiration does not work for LDAP users
           Product: Portable OpenSSH
           Version: -current
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Miscellaneous
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: gokoyev at us.ibm.com

There appears to be a problem with SSH on AIX 5.1 on systems running secldap
client (secldapclntd): ssh ignores the maxage attribute specified for the
SYSTEM=LDAP users in the ldap directory.  Instead ssh is looking for the maxage
attribute in the /etc/security/user and the 'lastupdate' in the
/etc/security/passwd.  If the default stanza in the /etc/security/user does not
contain maxage the LDAP user never gets a prompt to change the expired password.
If the default stanza does contain the maxage then the user always (even after
changing the password successfully) gets prompted to change the password (LDAP
users do not have stanzas in the /etc/security/passwd with the lastupdate

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
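
The two failure modes described in the report, modelled as an added example (not OpenSSH or AIX code, and not part of the original message). It assumes that a user with no stanza in /etc/security/passwd is treated as having lastupdate = 0; the user name `ldapuser`, the timestamps and the stanza contents are constructed.

```python
WEEK = 7 * 24 * 3600  # AIX expresses maxage in weeks, lastupdate in epoch seconds

def parse_stanzas(text):
    """Parse AIX stanza-file text into {stanza_name: {attribute: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("*"):       # '*' begins a comment line
            continue
        if line.endswith(":") and "=" not in line:  # "name:" opens a stanza
            current = stanzas.setdefault(line[:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def is_expired(maxage_weeks, lastupdate, now):
    """A maxage of 0 means no expiry is enforced."""
    return maxage_weeks > 0 and now > lastupdate + maxage_weeks * WEEK

def local_files_expired(user, user_db, passwd_db, now):
    """Expiry decision taken from the local files only, as the report describes."""
    # The user's own stanza overrides the default stanza.
    attrs = {**user_db.get("default", {}), **user_db.get(user, {})}
    maxage = int(attrs.get("maxage", 0))
    # Assumption: no passwd stanza (the LDAP-user case) reads as lastupdate = 0.
    lastupdate = int(passwd_db.get(user, {}).get("lastupdate", 0))
    return is_expired(maxage, lastupdate, now)

# Constructed sample data: the LDAP user has no stanza in either local file.
NOW = 1084840810
USER_NO_MAXAGE = parse_stanzas("* default without maxage\ndefault:\n\tminage = 0\n")
USER_WITH_MAXAGE = parse_stanzas("default:\n\tmaxage = 8\n")
PASSWD = parse_stanzas("root:\n\tpassword = *\n\tlastupdate = 1084000000\n")

def demo():
    """Compare the local-file decision with the directory's values (constructed)."""
    return {
        # Directory: maxage 4 weeks, password last changed 5 weeks ago.
        "directory_says_expired": is_expired(4, NOW - 5 * WEEK, NOW),
        "local_without_default_maxage": local_files_expired(
            "ldapuser", USER_NO_MAXAGE, PASSWD, NOW),
        # Directory after a successful change: lastupdate is now.
        "directory_after_change": is_expired(4, NOW, NOW),
        "local_with_default_maxage": local_files_expired(
            "ldapuser", USER_WITH_MAXAGE, PASSWD, NOW),
    }

if __name__ == "__main__":
    print(demo())
```

A regression check for a fix would assert that the decision for a SYSTEM=LDAP user follows the directory's values in both cases.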