[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: 'pam_password exop' problems
Em Wed, Aug 29, 2001 at 11:53:44AM -0400, John Dalbec escreveu:
(...)
> 0000: 30 2b 02 01 06 78 26 0a 01 35 04 00 04 1f 75 73 0+...x&..5....us
> 0010: 65 20 62 69 6e 64 20 74 6f 20 76 65 72 69 66 79 e bind to verify
> 0020: 20 6f 6c 64 20 70 61 73 73 77 6f 72 64 old password
(...)
> Do I just need to update pam_ldap.so?
I reported this to the pam_ldap list, but it seems it's not in the latest
releases (but I could be wrong, I haven't updated for a while now).
pam_ldap is supplying the old password during the exop, it shouldn't.
The bind step is sufficient to verify the old password.
Here is what I did to may pam_ldap and it worked fine ever since using exop:
--- pam_ldap-118/pam_ldap.c~ Tue Jun 26 20:29:20 2001
+++ pam_ldap-118/pam_ldap.c Wed Jun 27 17:52:58 2001
@@ -2190,7 +2190,7 @@
ber_printf (ber, "{");
ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,
session->info->userdn);
- ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);
+/* ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);*/
ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, new_password);
ber_printf (ber, "N}");