ssh no password expiry prompt with LDAP

I installed and configured 389 Directory Server (aka Red Hat Directory Server), created a user and group, and configured it following the instructions at http://directory.fedoraproject.org/wiki/Howto:PAM on my Red Hat 5.x Linux server.
I tried resetting a user's password and then logging in with ssh, but whether or not the password had been reset, there was no prompt to change the expired password.
I tried the command "login testUser", and it prompted me for a new password. I checked /etc/pam.d/sshd and found that it was missing one entry:
auth       include      system-auth

and system-auth includes the LDAP-related settings:
auth        sufficient    pam_ldap.so use_first_pass

Then the password change prompt appears after logging in with ssh:

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testUser.
Enter login(LDAP) password:

So now I can force users to change their password after a password reset or when the password has expired.
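
The check below is an added example, not part of the original post: it tests whether a PAM service file's auth stack reaches pam_ldap.so, directly or through include lines such as the one added to /etc/pam.d/sshd above. The function names and the sshd.before/sshd.after sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): does a PAM service's auth stack
# reach pam_ldap.so, directly or through "include"/"substack" lines?

# auth_reaches_ldap DIR SERVICE [DEPTH] -> exit status 0 if yes, 1 if no.
# Written as a subshell function "( ... )" so the recursion gets private variables.
auth_reaches_ldap() (
    dir=$1; svc=$2; depth=${3:-0}
    [ "$depth" -le 8 ] || exit 1          # stop on include loops
    [ -r "$dir/$svc" ] || exit 1
    # Drop comments; squash "[success=1 default=ignore]" controls into one token.
    sed -e 's/#.*//' -e 's/\[[^]]*\]/[ctl]/' "$dir/$svc" | {
        while read -r type control module _args; do
            case $type in auth|-auth) ;; *) continue ;; esac
            case $control in
                include|substack)
                    auth_reaches_ldap "$dir" "$module" $((depth + 1)) && exit 0 ;;
                *)
                    case $module in pam_ldap.so|*/pam_ldap.so) exit 0 ;; esac ;;
            esac
        done
        exit 1
    }
)

# make_sample DIR: write constructed sample files (not copied from a real host).
make_sample() {
    mkdir -p "$1"
    printf '%s\n' \
        'auth        required      pam_env.so' \
        'auth        sufficient    pam_unix.so nullok try_first_pass' \
        'auth        sufficient    pam_ldap.so use_first_pass' \
        'auth        required      pam_deny.so' > "$1/system-auth"
    # "before": the auth include line the post found missing is absent
    printf '%s\n' \
        'account    include      system-auth' \
        'password   include      system-auth' \
        'session    include      system-auth' > "$1/sshd.before"
    # "after": same file with the line from the post added
    { echo 'auth       include      system-auth'; cat "$1/sshd.before"; } > "$1/sshd.after"
}

demo=$(mktemp -d)
make_sample "$demo"
for svc in sshd.before sshd.after; do
    if auth_reaches_ldap "$demo" "$svc"; then echo "$svc: auth reaches pam_ldap.so"
    else echo "$svc: auth never reaches pam_ldap.so"; fi
done
rm -rf "$demo"
```

On a real host, call it as `auth_reaches_ldap /etc/pam.d sshd` and check the exit status.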
