Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Solaris and PAM Password policy
Operating Systems Solaris Solaris and PAM Password policy Post 302725541 by pandu345 on Friday 2nd of November 2012 10:14:38 AM
Old 11-02-2012
Solaris and PAM Password policy
Hello All,

I have Sun DSEE7 (11g) on Solaris 10.
I have run idsconfig and initialized ldap client with profile created using idsconfig.

My ldap authentication works. Here is my pam.conf

Code:
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth binding            pam_unix_auth.so.1 server_policy
login   auth required           pam_ldap.so.1
login   auth required           pam_dial_auth.so.1

simiiar for rlogin krlogin rsh other auth.


My requirement is if a new user created in LDAP logs in to soalris, system should prompt reset password. My LDAP password policy set the attribute- force reset on initial logon.

A user who already logged must be able to login even if LDAP server is down.

help is appreciated.

Thanks,
 

10 More Discussions You Might Find Interesting

1. Solaris

PAM, Solaris, Openssh and Forcing a password change

Here's the issue. Currently when I run passwd -f "username" on any account, when I try to login with said account I don't get prompted to change my password I just keep getting prompted to input a password. (Of course this works just fine with telnet)Is there something i need to add to... (7 Replies)
Discussion started by: woodson2
7 Replies

2. Solaris

Password policy problem ??

Hi Solaris's expert I need to change user password on Solaris10 2 servers. With the same password I can change it just only one. Try to check everything but not found difference?? password pattern: abcdeFgh9Jk server1 check all characters but server2 check only first 8 characters.Why??... (10 Replies)
Discussion started by: arm_naja
10 Replies

3. UNIX for Dummies Questions & Answers

Using PAM to log password changes?

Hi, on a lab computer another user (who is a sudoer) changed my password without my permission. I'm pretty positive it was her, though I can't conclusively prove it. I had my friend, who is another sudoer on the machine, fix it and make me a sudoer now too. So everything is fine, but I want... (0 Replies)
Discussion started by: declannalced
0 Replies

4. Red Hat

NIS password policy

Hi, I am running NIS server on redhat linux 5 and I want to implement password restrictions for the yppasswd, how can I do it.Please help me. I can implement password restriction for passwd by configuring /etc/pam.d/system-auth and setting crack_lib.so but I don't know how to implent the same... (3 Replies)
Discussion started by: ktrimu
3 Replies

5. Solaris

password policy for new user

hi folk, i try to setup a new password policy for our solaris box user, below are the /etc/default/passwd/, but then when i tried to create a user, it didn't ask for numeric character, and the new password also didn't ask for special characters. # useradd testing # passwd testing New... (7 Replies)
Discussion started by: dehetoxic
7 Replies

6. Ubuntu

User and Password Policy

Hi linux expert, i would like to create a script for listing all user with there password policy. It should be in the following format: Last password change : Sep 19, 2011 Password expires : never Password inactive : never Account... (2 Replies)
Discussion started by: yprudent
2 Replies

7. SuSE

PAM password change failed, pam error 20

Hi, I use a software which can create account on many system or application. One of resource which is managed by this soft his a server SUSE Linux Enterprise Server 10 (x86_64). patch level 3. This application which is an IBM application use ssh to launch command to create account in... (3 Replies)
Discussion started by: scabarrus
3 Replies

8. AIX

Password Policy

I need help. I have set a password policy. But I want to dis allow setting user name as password. My policy is as below... min length =8 min diff=2 min alpha=2 max repeats=2 dictionary= /usr/share/dict/words Still user can set his username as password (i.e. Jackie1234). Code tags for... (11 Replies)
Discussion started by: powerAIX
11 Replies

9. Linux

Password hardening using pam

Hi We have a requirement to vary the minimum password criteria by the group to which a user belongs. For example a standard user should have a password with a minimum length of 12 and containing a mix of characters whereas an administrator should have a password with a minimum length of 14... (1 Reply)
Discussion started by: gregsih
1 Replies

10. Red Hat

Password policy for root

Hi, I am unable to enforce password complexity policy for root user. (other users are working) on RHEL 6.2. Anything wrong with system-auth parameters? PLease help.. vi /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time... (1 Reply)
Discussion started by: suresh3566
1 Replies

LEARN ABOUT X11R4

idsconfig

idsconfig(1M)						  System Administration Commands					     idsconfig(1M)

NAME

       idsconfig - prepare an iPlanet Directory Server (iDS) to be populated with data and serve LDAP clients

SYNOPSIS

	/usr/lib/ldap/idsconfig [-v] [-i input_configfile] [-o output_configfile]

DESCRIPTION

       Use  the idsconfig tool to set up an iPlanet Directory Server (iDS). You can specify the input configuration file with the -i option on the
       command line. Alternatively, the tool will prompt the user for configuration information. The  input  configuration   file  is  created	by
       idsconfig with the -o option on a previous run.

       The first time a server is set up, the user is prompted for all the required information.  Future installations on that machine can use the
       configuration file previously generated by idsconfig using the -o option.

       The output configuration file contains the directory administrator's password in clear text. Thus, if you are creating an output configura-
       tion file, take appropriate security precautions.

       You should back up the directory server's configuration and data prior to running this command.

OPTIONS

       The following options are supported:

       -i input_configfile     Specify	the  file name for idsconfig to use as a configuration file.  This file will be read by idsconfig, and the
			       values  in the file will be used to configure the server.  Do not manually edit input_configfile. The input_config-
			       file  is  only  partially validated, as idsconfig assumes that the file was created by a previous invocation of the
			       command.

       -o output_configfile    Create a configuration file.

       -v		       Verbose output.

OPERANDS

       The following operands are supported:

       input_configfile        Name of configuration file for idsconfig to use.

       output_configfile       Configuration file created by idsconfig.

EXAMPLES

       Example 1: Prompting the User for Input

       In the following example, the user is prompted for information to set up iDS.

       example# idsconfig

       Example 2: Creating an Output Configuration File

       In the following example, the user is prompted for information to set up iDS, and an output configuration file, config.1, is  created  when
       completed.

       example# idsconfig -o config.1

       Example 3: Setting up iDS Using the Specified Configuration File

       In  the	following example, iDS is set up by using the values specified in the configuration file, config.1. The verbose mode is specified,
       so detailed information will print to the screen.

       example# idsconfig -v -i config.1

EXIT STATUS

       The following exit values are returned:

       0	Successful completion.

       >0	An error occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnisu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ldap(1), ldapadd(1), ldapdelete(1), ldaplist(1), ldapmodify(1),	ldapmodrdn(1),	ldapsearch(1),	ldap_cachemgr(1M),  ldapaddent(1M),  ldap-
       client(1M), suninstall(1M), resolv.conf(4), attributes(5)

SunOS 5.10							    18 Oct 2001 						     idsconfig(1M)
All times are GMT -4. The time now is 09:28 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy