I have not seen or used the passwordMustChange attribute before, but I can tell you that if you set the passwordExpirationTime as follows:

passwordExpirationTime: 19700101000000Z

it should force the user to change their password on their next login. Keep in mind you will not get a prompt if you use a passwordless ssh login via rsa key exchange.

Hope that helps.

Thanks,
Aaron

On Tue, Jun 14, 2011 at 5:03 PM, David Barr <daf...@dafydd.com> wrote:
> I know this is outside the scope of the 389 list, but my Google-fu is
> failing me on this one.
>
> If I change the password to the account on the LDAP server and verify
> "passwordmustchange: on," I can ssh in to the test host with the new
> password all day long, and never get asked to change it.
>
> I'm hoping someone has seen a document recently that they could link to.
> I've seen the "PAM Configuration for LDAP Client Systems" page on the
> wiki. That deals more with setting password expiration, though.
>
> Thanks!
> David
>
> --
> David - Offbeat http://dafydd.livejournal.com
> dafydd - Online http://pgp.mit.edu/
> Battalion 4 - Black Rock City Emergency Services Department
> Integrity*Commitment*Communication*Support
>
> --
> 389 users mailing list
> 389-us...@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users