[horde] PAM auth and expiring passwords
Michael J Rubinsky
mrubinsk at horde.org
Sat Nov 14 18:18:20 UTC 2015
Quoting Jason L Tibbitts III <tibbs at math.uh.edu>:
> I have Horde 5.2.8 set up and running fine using the PAM pecl module for
> authentication. In my old Horde setup I did authentication through the
> IMAP server but I wanted to try and do something more useful with
> expiring and expired passwords. (We actually use Kerberos for
> authentication, but that's an entirely different topic.)
> I know PAM itself has a way to communicate more information than just
> "login failed" or "login succeeded". Expiration messages even get into
> the server log:
> httpd: pam_sss(system-auth:auth): User info message: Your password
> will expire in 3 day(s).
> Has anyone played with making use of that information? I would at least
> like to inform users that their password is expiring or that they aren't
> able to log in because their password has expired. Ideally they'd be
> directed (or forced) to a password changing interface, but right now I'd
> settle for a useful warning or error.
> At this point I know little PHP but if anyone has some hints on how I
> might go about this and what documentation I'd need to read then I'm
> happy to have a go.
> - J<
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
http://svn.php.net/viewvc/pecl/pam/trunk/README?view=markup there is a
parameter to check system account management (including expiriation
date, login hours etc...). However, it seems it might require root
You would need to add this parameter to the pam_auth() call in
Horde_Auth_Pam:: so I would start there...
The Horde Project
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5751 bytes
Desc: S/MIME Signature
More information about the horde