I sent this first to the pamldap list, but it occurred to me shortly afterwards that this is really an OpenLDAP issue.

Wil
--
W. Reilly Cooley wcooley@nakedape.cc
Naked Ape Consulting http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and http://lnxs.org
people who take care of them. *Now with integrated crypto!*
irc.openprojects.net #lnxs

Men have a much better time of it than women; for one thing they marry later; for another thing they die earlier. -- H.L. Mencken
--- Begin Message ---
- To: pamldap@padl.com
- Subject: crypt MD5 passwords: invalid credentials
- From: Wil Cooley <wcooley@nakedape.cc>
- Date: Thu, 8 Mar 2001 11:50:13 -0800
- Content-disposition: inline
- Mail-followup-to: Wil Cooley <wcooley@nakedape.cc>, pamldap@padl.com
- User-agent: Mutt/1.2.5i

I'm having a problem with my setup, and I'm hoping someone can provide some insight.

My 2 main LDAP servers are running on a variation on Red Hat 6.2 called Immunix. They've been upgraded to OpenLDAP 2.0.7, with all the necessary libraries. This is a restricted-login system, so I'm not using nss/pam LDAP on that system. I'm not using anything fancy like Kerberos. My workstations are using Immunix 7, which is also a variation on RH 7. I have a temporary slave that's still running OpenLDAP 1.2 (well, replication doesn't work right for obvious reasons, but I need it until I can resolve this problem).

Users with simple crypt passwords ('{crypt}crypthash') can log in fine to workstations, as can users with {md5} and {SSHA} passwords. However, users with crypt MD5 passwords ('{crypt}$1$md5hash') cannot; their connections fail with 'Invalid credentials'.

The PAM config files in /etc/pam.d have 'md5' in the pam_unix lines on the workstation, and the closed LDAP servers also have md5 in their pam_pwdb lines. I'm assuming that somehow the lack of a local login is causing the users to be rejected? Even though slapd is linked with libpam, I can't actually figure out which pam service it identifies itself as; running lsof and strace revealed nothing.

Aside from having all my users with crypt MD5 passwords change their passwords, is there a way I can get this to work? Does anyone have any insight?

Wil
--
W. Reilly Cooley wcooley@nakedape.cc
Naked Ape Consulting http://nakedape.cc
LNXS: Linux/GNU for servers, networks, and http://lnxs.org
people who take care of them. *Now with integrated crypto!*
irc.openprojects.net #lnxs

Men have a much better time of it than women; for one thing they marry later; for another thing they die earlier. -- H.L. Mencken
--- End Message ---
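
An added example, not part of the original message: one way to list which directory entries hold the '{crypt}$1$...' form described above, by classifying `userPassword` values in an LDIF export. It handles values that LDIF carries base64-encoded (`userPassword::`) and folded lines; the function names, DNs and hashes are constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def classify(value):
    """Name the storage scheme of one userPassword value."""
    m = SCHEME_RE.match(value)
    if not m:
        return "no-scheme"
    scheme, rest = m.group(1).lower(), m.group(2)
    if scheme != "crypt":
        return scheme                      # e.g. md5, ssha
    if rest.startswith("$1$"):
        return "crypt-md5"                 # the '{crypt}$1$...' case
    return "crypt-other" if rest.startswith("$") else "crypt-des"

def audit(ldif):
    """Map each DN to the schemes of its userPassword values."""
    unfolded = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    found = {}
    for entry in re.split(r"\n\s*\n", unfolded.strip()):
        dn = None
        for line in entry.splitlines():
            name, sep, value = line.partition(":")
            if not sep:
                continue
            if value.startswith(":"):       # 'attr:: ' means base64
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if name.lower() == "dn":
                dn = value
            elif name.lower() == "userpassword" and dn:
                found.setdefault(dn, []).append(classify(value))
    return found

def crypt_md5_users(ldif):
    """DNs that have at least one crypt MD5 password value."""
    return sorted(dn for dn, kinds in audit(ldif).items() if "crypt-md5" in kinds)

# Constructed sample data; the hashes are dummies, not real crypt output.
_B64 = base64.b64encode(b"{crypt}$1$saltsalt$dummydummydummydummy00").decode()
SAMPLE_LDIF = (
    "dn: uid=alice,dc=example,dc=com\nuserPassword: {crypt}XXdummydummyd\n\n"
    "dn: uid=bob,dc=example,dc=com\nuserPassword:: " + _B64 + "\n\n"
    "dn: uid=carol,dc=example,dc=com\nuserPassword: {SSHA}ZHVtbXlkdW1teQ==\n"
)

if __name__ == "__main__":
    for dn in crypt_md5_users(SAMPLE_LDIF):
        print(dn)
```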