wto, 29 mar 2011, 23:01:35 +0200, Arthur de Jong napisał(a): > On Mon, 2011-03-28 at 10:05 +0200, Mariusz Sawicki wrote: > > libpam-ldapd doesn’t change shadowLastChange during password modifica- > > tion. This problem is probably solved in 0.8.0 (according to #604147): > > > > * try to update the shadowLastChange attribute on password change > > > > It should be included in squeeze, otherwise it is unusable when password > > change request occures. > Having the shadowLastChange attribute updated on password change is > indeed a nice feature when using password expiry but not required in all > environments.
Of course, but it could be forced by security policy. > This has indeed been implemented in 0.8.0 but the 0.8 series is > currently in experimental because it is still under development. For > reference, the change that was implemented for 0.8.0 can be found here: > http://lists.arthurdejong.org/nss-pam-ldapd-commits/2010/msg00302.html Thanks for the patch. I could use it with my own build. > Unless you can make a strong argument to have this fixed in squeeze I > don't think it will be fixed there. It is suggested to use of -ldapd packages insted of -ldap: http://www.debian.org/releases/stable/amd64/release-notes/ch-information.en.html#ldap-gnutls So if in libpam-ldap updating of shadowLastChange works it should also in libpam-ldapd. Regards. -- Mariusz Sawicki | rash (at) e-point . pl | e-point SA Glowny Administrator Systemow | http://www.e-point.pl PGP key at: http://staff.e-point.pl/~rash/rash_ep.asc -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
