[SLE12] PAM and no_pass_expiry

PRZEMYSLAW · September 14, 2023, 7:33am

Hello there,

I would like to achieve the following scenario. When the password is expired the user can log on with a valid ssh key. On SLE 15 and older EL7 the following is possible via no_pass_expiry:

account    required    pam_nologin.so
account    sufficient  pam_unix.so no_pass_expiry
account    include     password-auth
password   sufficient  pam_unix.so no_pass_expiry
password   include     password-auth

Like here:

But I have not managed to figure out how to do it in SLE12. When I browse man 8 pam_unix it misses this no_pass_expiry entry on SLE12.

Shall I understand it is not possible to achieve such a goal on SLE12?

KR,
P

Topic		Replies	Views
Locking accounts and still allowing ldap logins? SLES Configure-Administer	4	248	March 20, 2019
Upgrade zLinux SLES11 SP4 to SLES12 SP5 from DVD in v.m. zVM 6.4 PAM: User account has expired... SLES for System Z	1	597	June 9, 2020
Can we change the expiry date for root password? SLES Configure-Administer	1	256	June 20, 2017
Does SLES12 support the PAM pam_faildelay module? SUSE Linux Enterprise Server	0	518	July 27, 2022
password complexity policy in SLES SLES Configure-Administer	3	206	November 5, 2013

[SLE12] PAM and no_pass_expiry

Related Topics