
md5 password problem! pam_ldap or openldap problem?



	Hi!
	I'm using openldap 2.0.7 and pam_ldap-98 on a RedHat 7.

	Strange problem when you compare scenarios 1 and 2:

[Scenario 1]

slapd.conf (acl part)
--- + ---
access to attrs=userPassword
       by self write
       by dn=uid=manager,dc=auth write
       by * compare

access to *
        by * read
--- + ---

Auth process
------------
user crypt (with crypt password)
OK
user md5 (with md5 password)
pam_ldap: error trying to bind as user "uid=md5, dc=auth" (Invalid
credentials)


[Scenario 2]
slapd.conf (acl part)
--- + ---
access to attrs=userPassword
       by self write
       by dn=uid=manager,dc=auth write
       by * read

access to *
        by * read
--- + ---
(the previous is equivalent to "access to * by * read")

Auth process
------------
user crypt (with crypt password)
OK
user md5 (with md5 password)
OK

	Note that the above called "Auth Process" was done with several
applications using pam.d files included with pam_ldap-98.

	So what happens? Why does it work with 'crypt password' and does
not work with 'md5 passwd' in scenario 1 and both work in scenario 2?

	Does anyone have a similar problem? How can an ACL on slapd.conf
cause such behavior?! It does not make any sense...

	How exactly is the password verification done?!

	Is this a problem from pam_ldap or openssl?

	Regards,

-- 
	Paulo Matos
 ----------------------------------- ----------------------------------
|Sys & Net Admin                    | Serviço de Informática           |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2941346             |
|Universidade Nova de Lisboa        | Fax: +351-21-2948548             |
|P-2825-114 Caparica                | e-Mail: pjsm@fct.unl.pt          |
 ----------------------------------- ----------------------------------
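
Added example, not part of the original message: a simplified Python model of slapd's first-match ACL evaluation and access-level ordering (none < auth < compare < search < read < write), applied to the two ACL sets above to show what an anonymous client may do with userPassword in each. The evaluator, its function names and the exact-string DN matching are assumptions made for illustration; it does not model pam_ldap or explain the MD5 failure.

```python
# Simplified model of slapd ACL evaluation (illustrative, not OpenLDAP code).
# Each access level implies every level to its left.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

MANAGER = "uid=manager,dc=auth"        # manager DN as written in the post
TARGET = "uid=md5,dc=auth"             # entry being authenticated (normalised)

# The two ACL sets from the post: (attribute set or None for "*", by-clauses).
SCENARIO_1 = [
    ({"userPassword"}, [("self", "write"), ("dn:" + MANAGER, "write"), ("*", "compare")]),
    (None, [("*", "read")]),
]
SCENARIO_2 = [
    ({"userPassword"}, [("self", "write"), ("dn:" + MANAGER, "write"), ("*", "read")]),
    (None, [("*", "read")]),
]

def who_matches(who, client_dn, entry_dn):
    """client_dn is None for an anonymous connection."""
    if who == "*":
        return True
    if who == "self":
        return client_dn is not None and client_dn == entry_dn
    if who.startswith("dn:"):
        return client_dn == who[3:]    # assumption: exact match, no DN normalisation
    return False

def granted_level(acl, attr, client_dn, entry_dn):
    """First matching 'access to' wins, then its first matching 'by' clause."""
    for attrs, by_clauses in acl:
        if attrs is not None and attr not in attrs:
            continue
        for who, level in by_clauses:
            if who_matches(who, client_dn, entry_dn):
                return level
        return "none"                  # no 'by' clause matched
    return "none"                      # not reached here: both sets end in 'access to *'

def allows(acl, attr, client_dn, entry_dn, wanted):
    got = granted_level(acl, attr, client_dn, entry_dn)
    return LEVELS.index(got) >= LEVELS.index(wanted)

def anonymous_report(acl):
    """What an unauthenticated client may do with userPassword on TARGET."""
    return {op: allows(acl, "userPassword", None, TARGET, op)
            for op in ("auth", "compare", "read")}

if __name__ == "__main__":
    print("scenario 1:", anonymous_report(SCENARIO_1))
    print("scenario 2:", anonymous_report(SCENARIO_2))
```

In this model, scenario 2 is the only one in which an anonymous client can read the stored userPassword value, which means the password hashes are retrievable by anyone who can query the directory.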