ssh no password expiry prompt with LDAP

I installed and configured 389 directory server (aka redhat directory server), created user/group and configured follow the instruction at http://directory.fedoraproject.org/wiki/Howto:PAM on my Redhat 5.x Linux server
I tried to reset user password, and then login with ssh, but no matter if the password is reset or not, there's no prompt for changing the expired password.
I tried using command "login testUser", it will prompt me for new password. I checked /etc/pam.d/sshd, found out it missed one entry:
auth include system-auth

and system-auth will include ldap related settings:
auth sufficient pam_ldap.so use_first_pass

then the password change prompt pop out after login with ssh:

WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user testUser.
Enter login(LDAP) password:

So now I can force user to change their password after password reset or when password expired.

Comments

How to send command / input to multiple Putty window simultaneously

Putty is one of the best and must-have freeware for people working on Linux/Unix but use Windows as client like me. We need to manage many servers and sometimes we are hoping we can run/execute same command on multiple host at same time, or just input same thing to multiple host. I searched online for a tool can do this. And it looks like PuTTYCS (PuTTY Command Sender) is the only one existing. But I’m a little bit disappointing after tried the software, it’s good but not good enough. It can only send command to each window one by one, and you have to wait until last window got input. So I think I should do something, and puttyCluster was born ( https://github.com/mingbowan/puttyCluster ) interface is simple: When you input Windows title pattern in the text box, you will be prompt for how many windows matching the pattern, like this: and you click the edit box under “cluster input”, what ever key you pressed will pass to all those windows simultaneously, even “Ctrl-C”, “Esc” ...

enable special character support in Graphite metric name

Problem Graphite doesn’t support special characters like “ “ (empty space), “/” slash etc. Because it expect everything to be just ASCII to split/processing them, and then make directories based on metric name. For example: Metric: datacenter1.server1.app1.metric1.abc Will create datacenter1/server1/app1/metric1/abc.wsp But Metric: datacentter1.this is a test/with/path.app.test will fail when create directory So any special name not allow to appear in directory/file name is not supported by Graphite. What we can do? We can urlEncode the metric name which has special characters. So like “/var/opt” (not valid file name) will become “%2Fvar%2Fopt”(now valid), using urlEncode instead of others (like BASE64) is because this will keep most of data readable. So what to change? 1. urlEncode metric name before send to Graphite (if you always sending metrics using text/line mode instead of pickle/batch mode, then you may consider modify ...

easily convert RSA SecurID Software Token URL between iPhone and Andriod

you may get URL like: for iPhone/iPad: com.rsa.securid.iphone://ctf?ctfData=nnnnnnnn for Andriod: http://127.0.0.1/securid/ctf?ctfData=nnnnnnnn you can convert between them, simply keep the ctf?ctfData=nnnnnnnn part and replace prefix, then import.

mingbo's tech tips

Search This Blog