Control of expired passwords with SASL + LDAP

[Sandro Venezuela]

Dan,

I'm using LDAP to authenticate users on the Cyrus Imap Server, with
Thunderbird and eGroupware, and also in the workstations.

On the E-mail server, I'm using saslauthd with LDAP and when password
expires, you can still access the mailbox through Thunderbird.

My goal is just to solve this problem, because both eGroupware and PAM
already do this for me.

Do you have any idea?

Thanks

Dan White escreveu:
> Sandro,
>
> ppolicy is documented in the slapo-ppolicy man page (from OpenLDAP).
> It may
> not be a good fit if you're trying to enforce a password policy onto a
> cyrus imap server.
>
> You could use saslauthd with its PAM backend to enforce your password
> policy, assuming you're only using PLAIN/LOGIN mechanisms.
>
> How does LDAP fit into your overall picture?
>
> On 23/10/09 11:10 -0200, Sandro Venezuela wrote:
>> Thanks Dan for your reply.
>>
>> Today, expired passwords are controlled by PAM on the workstations
>> and how
>> do I use openSUSE Linux that is easy to  implement.
>>
>> But the server I'm  using only SASL+LDAP  and  wanted  something similar
>> to PAM, but I'll be searching ont the Internet the use of  ppolicy to
>> solve my problem.
>>
>> Do you have any documentation to show about ppolicy?
>>
>> Dan White escreveu:
>>> On 22/10/09 21:36 -0200, Sandro Venezuela wrote:
>>>> Hi,
>>>>
>>>> I have a e-mail server with Cyrus + SASL + LDAP and would like to
>>>> prohibit access to mailbox of the User when it is with the expired
>>>> password. How can I do that?
>>>
>>> Sandro,
>>>
>>> Cyrus SASL doesn't have a concept of password expiry. What mechanism is
>>> controlling when your passwords expire? OpenLDAP ppolicy? or system
>>> expiration (PAM)?
>

-- 
Sandro Venezuela
Especialista Linux
______________________________________
  Linux2Business - Soluções em Linux
Rua Aracati, 488 - Santo André - SP
Fone: (11) 4472-4418 - (11) 8485-1049
      www.linux2business.com.br
______________________________________