Re: [Lam-public] Managing account locking and password expiration in plain LDAP schema...
Brought to you by:
gruberroland
From: Roland G. <po...@ro...> - 2023-05-22 05:40:45
|
Hi Marco, Am 21.05.23 um 23:33 schrieb Marco Gaiarin: >> Shadow is only checked by the Unix system. If you want something to be >> enforced globally then go for PPolicy (needs to be activated on server): >> https://www.ldap-account-manager.org/static/doc/manual/ch04s02.html#mod_passwordPolicy > > If i've understood well, this is an alternative to shadow, right? EG, > PPolicy does not use shadow* fileds... PPolicy is checked server-side. This is why all applications are affected when the user is e.g. locked. On the other side, Shadow is purely checked client-side (Unix login). Best regards Roland |