
pam_ldap exop/ldappasswd and salted hashes fail



I've set up a system with OpenLDAP 2.0.22, pam_ldap 137 from padl,
on a machine with a RedHat 7.1 base.

I've got a weird problem where slapd won't change the password if I pick
ssha or smd5 when specifying password-hash in slapd.conf.  Using md5 or
sha works.

When I use passwd with pam_ldap I get
    :passwd
    Enter login(LDAP) password: 
    New UNIX password: 
    Retype new UNIX password: 
    New password: 
    Re-enter new password: 
    LDAP password information update failed: Unknown error
    passwd: Permission denied

(Yes, I'm being asked for the new password four times, but I'll fix
that once I get the password actually being updated.)  As I said,
if I switch to md5 or sha, it works.

At first I thought it might be a bug in pam_ldap, so I tried it again with
ldappasswd.  When I invoke that I get:

	:ldappasswd -D uid=kgarner,ou=users,ou=auth -x -W -S uid=kgarner,ou=users,ou=auth
	New password: 
	Re-enter new password: 
	Enter bind password: 
	Result: Unknown error (80)
	Additional info: password hash failed

For the record, that's not my real DN, I changed it after I pasted
it here.  In any case, this also works once I specify sha or md5, but
not ssha or smd5.

I'm a bit stumped as to what it can be at this point.  Any ideas,
pointers, tips, anything I should try?  I searched the net and didn't
seem to come up with anything really relevant.

Also, it should be noted I upgraded to .22 after this was failing
with .21.  It fails under both for me.

Keith

-- 
   Keith T. Garner                                        kgarner@kgarner.com
   The whole problem with the world is that fools and fanatics are always so
 certain of themselves, and wiser people so full of doubts.  --Bertrand Russell