Hi all,
I noticed that logins via ssh key bypass the LDAP password policies
(password ageing, password warning, and password lockout due to failed
attempts, etc). Is there any way to force key based ssh logins to
respect the password
policies?
I noticed that if I use the shadow attributes in LDAP for a user
(shadowWarning, shadowMax, shadowLastChange) instead of relying on the
password policy that, it works as expected - user is warned when
password is expiring and users with an expired password are forced
into a password change. Unfortunately I don't see any way to enforce
password lockout due to failed attempts in the shadow attributes.
Any ideas on how to force ssh key based logins to respect the password policy?
Thanks in advance,
David