I have an Ubuntu 12.04 LTS Server running OpenLDAP Server for several client servers. When I expire a password for a user within the directory, they are prompted to change their password, but the settings I have configured in PAM are ignored. Complexity is not enforced and passwords are able to be reused. If I expire a password for a local user on the server, all seems fine. Here are the relevant lines from the /etc/pam.d/common-password file:
password requisite pam_cracklib.so retry=3 minlen=12 difok=4 ucredit=1 lcredit=0 dcredit=1 ocredit=2
password [success=1 default=ignore] pam_unix.so obscure remember=4 use_authtok try_first_pass sha512
password requisite pam_deny.so
password required pam_permit.so
I've read several of the howtos related to LDAP and I don't see what I'm missing. Can anyone point me in the right direction?
Thanks in advance,
- Frank