Pam unix with LDAP server account lockout

From Brandonhutchinson.com

Revision as of 22:22, 14 December 2007 by Hutch (Talk | contribs)

Overview

In order to support a legacy application, I have to meet the following requirements:

  • pam_unix must be used.
  • The Directory Server must only store user passwords in {crypt} format.

Requirements

The Directory Server must only store passwords in {crypt} format

The default user password storage scheme is SSHA. To change it to crypt, run the following command on both Directory Servers:

# dsconf set-server-prop pwd-storage-scheme:crypt
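
Changing the storage scheme applies to passwords set after the change; values already stored keep the scheme they were written with, so existing entries are worth checking against the {crypt}-only requirement. The following is an added example, not part of the original page: it reads an LDIF export and lists entries whose userPassword is not in {crypt} format. The sample LDIF, DNs, hash values and function names are constructed for illustration.

```python
import base64

def b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export; DNs and hash values are placeholders.
CAROL = b64("{crypt}abJnggxhB/yJk")
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword: {crypt}abJnggxhB/yJk",
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + b64("{SSHA}constructed-placeholder"),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword:: " + CAROL[:10],  # value folded across two lines
    " " + CAROL[10:],
    "",
])

def unfold(ldif):
    """Join LDIF continuation lines (they start with a single space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def non_crypt_entries(ldif):
    """Return (dn, scheme) for each userPassword value not stored as {crypt}."""
    findings, dn = [], None
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        if not sep or line.startswith("#"):
            continue  # blank separator or comment
        if rest.startswith(":"):  # "attr:: value" means base64-encoded
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        elif attr.lower() == "userpassword":
            end = value.find("}")
            scheme = value[1:end] if value.startswith("{") and end > 0 else "none"
            if scheme.lower() != "crypt":
                findings.append((dn, scheme))
    return findings

if __name__ == "__main__":
    for dn, scheme in non_crypt_entries(SAMPLE_LDIF):
        print(f"{dn}: stored as {{{scheme}}}")
```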