>
> On Nov 28, 2005, at 5:38 PM, Michael Dinsmore wrote:
>
>> Although we are not setting user accounts to auth to AD, we are
>> enforcing password requirements via pwpolicy. One of those
>> restrictions is to change the password every 180 days.
>>
>> I don't think there is an agreed upon solution to fix this issue; I
>> looked at the list, and couldn't find it.
>
> This has been driving me nuts as part of an OD auditing project I've
> been playing with. I've resorted to learning how to talk to the PWS
> directly with no luck.
>
> The only visible indication I can find is the date/time stamp on the
> user's PWS slot. Unfortunately this serves two purposes to show when
> the password was changed, and when the last login was. So you can't
> use it to determine password age.
>
> Obviously this last change stamp is kept somewhere so that the PWS
> can look at the max minutes policy and determine when to expire the
> password. Where, I have no idea.
>
> Josh
Doh!
As Nigel pointed out to me, it seems like it simply reads the "Last
modified" property of the users kerb principal.
I had gotten so used to PasswordService that I forgot to dig into the KDC.
Josh
www.afp548.com
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
This email sent to email@hidden
