On Fri, Aug 05, 2011 at 11:46:53AM +0200, Roger Oberholtzer wrote:
On Fri, 2011-08-05 at 11:00 +0200, Lars Müller wrote:
/etc/sysconfig/displaymanager:DISPLAYMANAGER_AD_INTEGRATION
That allows you to log in to the AD domain from, say, KDM. This must be set even to get to the place where a password can be considered expired. But that is not necessarily the same as what to do when the AD password is found to have expired. If the OP says he is getting the message that his password is expired, should he be expecting KDM to have popped up a window where he can enter a new password that can be set in the AD? I think this is what he is curious about, and apparently does not see.
The full password change process - you see a message like "Your password has expired!" or "Your password will expire in n days!") - happens on display manager level. If that's no longer the case please feed bugzilla.
Having said that, what happens with a regular Linux account password if it is set to expire? Does KDM offer a place to enter a new one?
While on the topic of AD, aside from not needing to set up an account on the Linux machine, what else can logging in via AD offer on openSUSE?
You earn real single sign on aka the environent is kerberized.
But here I might have missed your question. Please be more verbose about what you mean with "what else can logging in via AD offer on openSUSE".
I was curious if there were any things that could be set up on Linux as a result of this AD login. I guess these are outside the AD login per-se. But having got the AD login makes one want to try more things that are no doubt beyond AD login. Once one has completed step A, there is always step B, C, etc... Us users are never satisfied.
Sorry, this is for a simple minded guy like me hard to parse. Please be more tangible or talk to a good doctor, therapist, your dog, wife ... ;) What we need to see are use cases and questions. Real world issues and not hypothetical hypothesis. One simple example: open firefox and try to access outlook web access. If you did all right you got a TGT - check this with the klist tool after login - and this allows you to get a particular service ticket. We did many presentations regarding this in the last years. Maybe we have to tape a short one again at the upcoming openSUSE conference. Which is btw a good place to kick several Samba guys in their lazy back side. :) Thanks. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany