Hi all,
I noticed that logins via ssh key bypass the LDAP password policies (password ageing, password warning, and password lockout due to failed attempts, etc). Is there any way to force key based ssh logins to respect the password policies?
I noticed that if I use the shadow attributes in LDAP for a user (shadowWarning, shadowMax, shadowLastChange) instead of relying on the password policy that, it works as expected - user is warned when password is expiring and users with an expired password are forced into a password change. Unfortunately I don't see any way to enforce password lockout due to failed attempts in the shadow attributes.
Any ideas on how to force ssh key based logins to respect the password policy?
Thanks in advance, David
389-users@lists.fedoraproject.org