Package: libpam-ldap
Version: 180-1
Severity: critical
Tags: security

If I set the Shadow account expiration date in Shadow using LAM to 1-1-2003, I can still log in using libpam-ldap.

I am sure I tested this functionality out before and it worked; as such, I feel this bug is critical because it may "introduce a security hole on systems where you install the package". I think it is not unreasonable to expect that it should not be possible to log in to an account that has passed its expiration date.

It is also possible this is a bug in LDAP-Account-Manager (LAM). Just for verification, my LDAP value is:

    shadowExpire: 12052

I am not sure what the format of this number should be. In LAM it is shown as corresponding to 31-12-2002.
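
On the number format asked about above, an added example (not part of the original report, and not pam_ldap or LAM code): shadowExpire follows the shadow(5) expiry field, a count of days since 1 January 1970, so an administrator can audit entries independently of the PAM module. The LDIF entries are constructed apart from the value 12052, and treating absent or non-positive values as "no expiry" and the expiry day itself as already expired are assumptions of this sketch.

```python
from datetime import date, timedelta

EPOCH = date(1970, 1, 1)

# Constructed sample LDIF; only the value 12052 comes from the report.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
shadowExpire: 12052

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
shadowExpire: -1

dn: uid=carol,ou=people,dc=example,dc=org
uid: carol

dn: uid=dave,ou=people,dc=example,dc=org
uid: dave
shadowExpire: 20000
"""

def shadow_expire_to_date(days):
    """Convert a shadowExpire day count to a calendar date."""
    return EPOCH + timedelta(days=days)

def parse_entries(ldif):
    """Split plain (non-base64) LDIF into one attribute dict per entry."""
    entries = []
    for block in ldif.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs[key.lower()] = value.strip()
        entries.append(attrs)
    return entries

def expired_accounts(ldif, today):
    """Return (uid, expiry date) for every account expired as of `today`."""
    today_days = (today - EPOCH).days
    expired = []
    for entry in parse_entries(ldif):
        raw = entry.get("shadowexpire")
        if raw is None:
            continue  # assumption: no attribute means the account never expires
        days = int(raw)
        # assumption: values <= 0 mean "no expiry"; expired from the expiry day on
        if days > 0 and today_days >= days:
            expired.append((entry["uid"], shadow_expire_to_date(days)))
    return expired
```

Any uid this reports as expired that can still authenticate through PAM points at the login path rather than at the directory data.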