
Re: 'pam_password exop' problems



On Wed, Aug 29, 2001 at 11:53:44AM -0400, John Dalbec wrote:

(...)

>   0000:  30 2b 02 01 06 78 26 0a  01 35 04 00 04 1f 75 73   0+...x&..5....us  
>   0010:  65 20 62 69 6e 64 20 74  6f 20 76 65 72 69 66 79   e bind to verify  
>   0020:  20 6f 6c 64 20 70 61 73  73 77 6f 72 64             old password     

(...)

> Do I just need to update pam_ldap.so?

I reported this to the pam_ldap list, but it seems it's not in the latest
releases (but I could be wrong, I haven't updated for a while now). 
pam_ldap is supplying the old password during the exop; it shouldn't.
The bind step is sufficient to verify the old password.

Here is what I did to my pam_ldap, and it has worked fine ever since using exop:

--- pam_ldap-118/pam_ldap.c~	Tue Jun 26 20:29:20 2001
+++ pam_ldap-118/pam_ldap.c	Wed Jun 27 17:52:58 2001
@@ -2190,7 +2190,7 @@
       ber_printf (ber, "{");
       ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,
 		  session->info->userdn);
-      ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);
+/*      ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);*/
       ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, new_password);
       ber_printf (ber, "N}");
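
Review bot: the ber_printf for LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD is commented out rather than removed, which leaves dead code at column 0 with no explanation of why the old password is no longer sent. Delete the line, or replace it with a one-line comment saying the old password is verified by the preceding bind. With this change the request carries only the user DN and the new password, so it relies on the session already being bound as that user when this code runs; that bind is not visible in this hunk and is worth confirming, along with whether old_password is still used elsewhere in the function.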
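
As an added example (not part of the original post and not pam_ldap code), the following C decodes the server response quoted in the hex dump above, showing that the exop was rejected with resultCode 53 (unwillingToPerform in the LDAP result code list) and the diagnostic text. The names `tlv` and `decode_ext_response` are made up for this illustration, and only short-form BER lengths are handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The 45 bytes from the quoted dump: an LDAPMessage carrying an ExtendedResponse. */
static const unsigned char RESP[] = {
    0x30,0x2b,0x02,0x01,0x06,0x78,0x26,0x0a,0x01,0x35,0x04,0x00,0x04,0x1f,
    'u','s','e',' ','b','i','n','d',' ','t','o',' ','v','e','r','i','f','y',
    ' ','o','l','d',' ','p','a','s','s','w','o','r','d'
};

/* Read one bounds-checked TLV with a short-form length (< 128); NULL on mismatch. */
static const unsigned char *tlv(const unsigned char **p, const unsigned char *end,
                                unsigned char tag, size_t *len)
{
    const unsigned char *v;
    if (end - *p < 2 || (*p)[0] != tag || ((*p)[1] & 0x80)) return NULL;
    *len = (*p)[1];
    v = *p + 2;
    if ((size_t)(end - v) < *len) return NULL;
    *p = v + *len;   /* advance past this element */
    return v;
}

/* Returns the LDAP resultCode and copies the diagnostic message; -1 if malformed. */
int decode_ext_response(const unsigned char *buf, size_t n, char *msg, size_t msgsz)
{
    const unsigned char *p = buf, *end = buf + n, *v;
    size_t len; int rc;
    if (!(v = tlv(&p, end, 0x30, &len))) return -1;  /* LDAPMessage SEQUENCE */
    p = v; end = v + len;
    if (!tlv(&p, end, 0x02, &len)) return -1;        /* messageID INTEGER */
    if (!(v = tlv(&p, end, 0x78, &len))) return -1;  /* [APPLICATION 24] ExtendedResponse */
    p = v; end = v + len;
    if (!(v = tlv(&p, end, 0x0a, &len)) || len != 1) return -1; /* resultCode ENUMERATED */
    rc = v[0];
    if (!tlv(&p, end, 0x04, &len)) return -1;        /* matchedDN (empty here) */
    if (!(v = tlv(&p, end, 0x04, &len)) || len >= msgsz) return -1; /* diagnostic text */
    memcpy(msg, v, len); msg[len] = '\0';
    return rc;
}

int main(void)
{
    char msg[64];
    int rc = decode_ext_response(RESP, sizeof RESP, msg, sizeof msg);
    printf("resultCode=%d message=\"%s\"\n", rc, msg);
    return 0;
}
```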