[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
pam_ldap password update problem
I have succesfully implemented an ldap auth service, all works
fine for all kinds of services except for password update.
Having for /etc/pam.d/passwd the one that came with the pam_ldap
module,
#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so try_first_pass
i get a strange behavior from password update, either doing it to a
local
user (user with auth info belonging to the machine) or with a remote
user
(user with auth info belonging to ldap).
Both machines, the ldap server and the client machine, are running
Red Hat 6.1.
The behavior is as follows:
-> Local user <-
[hm@mathilda hm]$ passwd
Changing password for hm
(current) UNIX password:
New UNIX password:
Retype new UNIX password:
Enter login(LDAP) password:
LDAP Password incorrect: try again
Enter login(LDAP) password:
[hm@mathilda hm]$
(Since the user is local, he shouldn't be prompted for LDAP
authentication, and since
he as no entry in the LDAP server, the operation is unsuccessfull).
Now for the LDAP user,
-> LDAP user <-
[hmmm@mathilda hmmm]$ passwd
New UNIX password:
Retype new UNIX password:
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information changed for hmmm
passwd: all authentication tokens updated successfully
Segmentation fault
[hmmm@mathilda hmmm]$
In this case the password is updated in the LDAP entry, but as you can
see there are two
different problems. The user is prompted for the new password by
pam_pwdb wich shouldn't
happen since the user as no auth info in the local machine. The other
problem is that at
the end of the operation i get a segmentation fault... It's not that
it's interfeering
the update itself but heck ... it's not a nice thing to happen... =)
Thanks in advance,
Hugo.
--
--------------------------------------------------------------------
| Hugo Monteiro | Móvel: +351-966 386 090 |
| Serviço Informática | Fixo : +351-212 948 300 x 1 0703 |
| Faculdade Ciências Tecnologia | 1 5305 |
| Universidade Nova Lisboa | |
| 2825-114 Monte Caparica | Email: hmmm@fct.unl.pt |
--------------------------------------------------------------------