[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pamldap
Subject:    Re: [pamldap] does pam_ldap password cache
From:       Timo Veith <tv () rz ! fh-kl ! de>
Date:       2006-04-26 14:04:06
Message-ID: 200604261604.06960.tv () rz ! fh-kl ! de
[Download RAW message or body]

Am Dienstag 25 April 2006 18:06 schrieb Andrew Morgan:
> On Tue, 25 Apr 2006, Timo Veith wrote:
> > Hi pamldap readers,
> >
> > we have the following setup:
> >
> > saslauthd -> pam -> pam_ldap -> Active Directory
> >
> > cyrus-sasl-2.1.21
> > pam-0.78
> > pam_ldap-180
> > openldap-2.2.28
> >
> > When our users change their passwords, the old password is still
> > valid for about an hour or so. The new one also works, but it's a
> > little misleading if you have saved your old password in your email
> > client in still works until it somehow expires.
> >
> > I guess there is some cache somewhere in between. Our AD admin tells
> > me that passwords get replicated directly. I also tried it with
> > direct ldap binds (without pam) and the old password isn't working
> > there. So it must be some other cache somewhere.
> >
> > I don't have nscd running. Is there any other cache that I should
> > know of?
>
> saslauthd has the following parameters on my systems:
>
>       -c      Enable cacheing of authentication credentials
>
>       -t timeout
>               Use timeout as the expiration time of the authentication
> cache (in seconds)
>
>
> Perhaps you have the saslauthd cache enabled somehow?
>
>  	Andy

Hi,

it turned out that some Microsoft employees who must have smoked some bad 
sh** have to be blamed for this.

Check this out:
http://support.microsoft.com/kb/906305/en-us

Thanks for your replies and regards
Timo
[prev in list] [next in list] [prev in thread] [next in thread]