Does anyone have LDAP password change working with "passwd"?
I've dug through many email list archives. I've found other cases where
people had similar problems, but no solutions posted.
Is this even possible (it seems it should be)?
Dax
On Tue, 14 Aug 2001, Dax Kelson wrote:
>
> Users can login with NO problems. Changing the passwords is the problem.
>
> Running passwd gives:
>
> Enter login(LDAP) password: [password entered]
> LDAP Password incorrect: try again (this comes back very quickly)
> Enter login(LDAP) password: [password entered]
> (etc, etc)
>
> On the machine where the user is trying to change the password,
> /var/log/message shows:
>
> passwd[14697]: pam_ldap: error trying to bind as user
> "uid=testuser,ou=People,dc=example,dc=com" (Invalid credentials)
>
> Configuration follows:
>
> I've set up an OpenLDAP 2.0.11 server, here are the access control lines
> (taken from the Administrator's Guide). I imported everything using the
> PADL migration scripts.
>
> access to * by * read
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by * none
> access to *
>         by self write
>         by users read
> access to * by users read
>
>
> === On the clients /etc/ldap.conf
> host server1.example.com server2.example.com
> base dc=example,dc=com
> port 636
> ssl start_tls
> ssl yes
>
> # cat /etc/pam.d/passwd
> #%PAM-1.0
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
>
> # cat /etc/pam.d/system-auth
> #%PAM-1.0
> # This file is auto-generated.
> # User changes will be destroyed the next time authconfig is run.
> auth required /lib/security/pam_env.so
> auth sufficient /lib/security/pam_unix.so likeauth nullok
> auth sufficient /lib/security/pam_ldap.so use_first_pass
> auth required /lib/security/pam_deny.so
>
> account required /lib/security/pam_unix.so
> account [default=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
>
> password required /lib/security/pam_cracklib.so retry=3
> password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow
> password sufficient /lib/security/pam_ldap.so use_authtok
> password required /lib/security/pam_deny.so
>
> session required /lib/security/pam_limits.so
> session required /lib/security/pam_unix.so
> session optional /lib/security/pam_ldap.so
>
>
>
>