[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
SASL and PAM based password changing
- To: OpenLDAP-Software <openldap-software@OpenLDAP.org>
- Subject: SASL and PAM based password changing
- From: Shanker Balan <shanu@exocore.com>
- Date: Sat, 2 Feb 2002 12:53:54 +0530
- Content-disposition: inline
- Organisation: Exocore Consulting (P) Ltd <http://www.exocore.com>
- User-agent: Mutt/1.3.27i
Hello:
I got SASL going with OpenLDAP. How is password changing to be handled
when the passwords are being stored in sasldb?
Currently, I have "pam_password exop" set in my pam_ldap.conf:
# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop
And in slapd.conf, "password-hash {crypt}" is commented out:
#The <hash> to use for userPassword generation.
#password-hash {crypt}
Despite this, the userPassword attribute ends up with a {SSHA} password
if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
using OpenLDAP extended operation for changing passwords, but OpenLDAP
seems to be using its default hashing algo (SSHA) and not honoring the
{SASL} of the entry.
Any help appreciated.
-- Shanu
--
Today when a man gets married he gets a home, a housekeeper, a cook, a
cheering squad and another paycheck. When a woman marries, she gets a
boarder.