[horde] PAM auth and expiring passwords

Jason L Tibbitts III tibbs at math.uh.edu
Fri Nov 13 02:27:52 UTC 2015


I have Horde 5.2.8 set up and running fine using the PAM pecl module for
authentication.  In my old Horde setup I did authentication through the
IMAP server but I wanted to try and do something more useful with
expiring and expired passwords.  (We actually use Kerberos for
authentication, but that's an entirely different topic.)

I know PAM itself has a way to communicate more information than just
"login failed" or "login succeeded".  Expiration messages even get into
the server log:

httpd[1428]: pam_sss(system-auth:auth): User info message: Your password will expire in 3 day(s).

Has anyone played with making use of that information?  I would at least
like to inform users that their password is expiring or that they aren't
able to log in because their password has expired.  Ideally they'd be
directed (or forced) to a password changing interface, but right now I'd
settle for a useful warning or error.

At this point I know little PHP but if anyone has some hints on how I
might go about this and what documentation I'd need to read then I'm
happy to have a go.

 - J<
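
The following is an added example, not part of the original post and not Horde code: a log parser that picks up the pam_sss expiry warning quoted above and pairs it with the account it was issued for. It assumes that the pam_sss result line carrying user=<name> for the same httpd process ID follows the info message; the sample lines, host name, PIDs and user names are constructed.

```python
import re

# Payload shape taken from the line quoted in the post:
#   httpd[1428]: pam_sss(system-auth:auth): User info message: <text>
PAM_LINE = re.compile(
    r"(?P<proc>[\w./-]+)\[(?P<pid>\d+)\]:\s+"
    r"pam_sss\((?P<service>[^:()]+):(?P<stage>\w+)\):\s+(?P<text>.*)"
)
EXPIRY = re.compile(r"User info message: Your password will expire in (\d+) day\(s\)")
USER = re.compile(r"\buser=(\S+)")

# Constructed sample lines (timestamps, host, PIDs and user names are made up).
SAMPLE = [
    "Nov 12 20:27:50 web httpd[1428]: pam_sss(system-auth:auth): User info message: Your password will expire in 3 day(s).",
    "Nov 12 20:27:50 web httpd[1428]: pam_sss(system-auth:auth): authentication success; logname= uid=48 euid=48 tty= ruser= rhost= user=alice",
    "Nov 12 20:28:02 web httpd[1431]: pam_sss(system-auth:auth): authentication success; logname= uid=48 euid=48 tty= ruser= rhost= user=bob",
    "Nov 12 20:29:11 web httpd[1440]: pam_sss(system-auth:auth): User info message: Your password will expire in 1 day(s).",
]


def expiry_warnings(lines):
    """Return one {'user', 'service', 'days'} dict per expiry warning.

    Assumption: the pam_sss line carrying user=<name> for the same process
    ID follows the info message. A warning with no such line keeps
    user=None instead of being guessed at.
    """
    pending = {}  # pid -> warning record still waiting for a user name
    found = []
    for line in lines:
        m = PAM_LINE.search(line)
        if not m:
            continue  # not a pam_sss line
        pid, text = m["pid"], m["text"]
        days = EXPIRY.search(text)
        if days:
            rec = {"user": None, "service": m["service"], "days": int(days.group(1))}
            pending[pid] = rec
            found.append(rec)
            continue
        user = USER.search(text)
        if user and pid in pending:
            pending.pop(pid)["user"] = user.group(1)
    return found


if __name__ == "__main__":
    for warning in expiry_warnings(SAMPLE):
        print(warning)
```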

