(RADIATOR) Radiator not honoring shadow attributes
Mike Saunders
msaunders at minot.com
Tue Nov 5 10:54:48 CST 2002
-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Tuesday, November 05, 2002 10:21 AM
To: Mike Saunders
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Radiator not honoring shadow attributes
Hello Mike -
What exactly are you referring to as shadow attributes?
regards
Hugh
Account is "unlocked" and works fine
test123:Changed:11996::99999::::136461764
Account is "locked" or expired.
test123:Changed:11996::99999:::11995:136461764
Notice the 11995. It's the number of days since the UNIX epoch. That
entry puts the expiration on the account at November 4th, 2002. So
today the account *should not* be able to dial up. However it still is.
This is from man 5 shadow on this box:
SHADOW(5) SHADOW(5)
NAME
shadow - encrypted password file
DESCRIPTION
shadow contains the encrypted password information for
user's accounts and optional the password aging informa-
tion. Included is
Login name
Encrypted password
Days since Jan 1, 1970 that password was last changed
Days before password may be changed
Days after which password must be changed
Days before password is to expire that user is warned
Days after password expires that account is disabled
Days since Jan 1, 1970 that account is disabled
A reserved field
So, radiator isn't honoring the shadow account disabled field. Any
ideas on how to make it do this, or do we need to use a different Auth
mechanism?
-Mike Saunders
Mike Saunders
Systems Administration
Magic Internet Services, Inc.
(701) 838-1265
(701) 857-0238 (voicemail)
msaunders at minot.com
http://www.minot.com
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list