Web lists-archives.com

Re: [Samba] How to get password expiration?




On 02/02/2017 15:17, mathias dufresne wrote:
So, back to ldapsearch -Y GSSAPI (if your users generate kerberos ticket at connection time) to retrieve LDAP attribute PwdLastSet. It's not an UNIX timestamp, it should be called LDAP time stamp or 18-digit LDAP timestamp...

Aside: it's a Microsoft Win32 FILETIME. (The LDAP standard uses ISO times)

pwdLastSet doesn't tell you when it expires, so you'd have to combine this with the domain password expiry policy too: i.e. do the equivalent of "samba-tool domain passwordsettings show"

If he only wants to display the information to the user at login time, I think the best/easiest place to do this would be in the PAM module which enforces the password expiry, since it has all the information to hand already.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba