pam_ldap exop/ldappasswd and salted hashes fail
I've set up a system with OpenLDAP 2.0.22, pam_ldap 137 from padl,
on a machine with a RedHat 7.1 base.
I've got a weird problem where slapd won't change the password if I pick
ssha or smd5 when specifying password-hash in slapd.conf. Using md5 or
sha works.
When I use passwd with pam_ldap I get
:passwd
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
New password:
Re-enter new password:
LDAP password information update failed: Unknown error
passwd: Permission denied
(Yes, I'm being asked for the new password four times, but I'll fix
that once I get the password actually being updated.) As I said,
if I switch to md5 or sha, it works.
At first I thought it might be a bug in pam_ldap, so I tried it again with
ldappasswd. When I invoke that I get:
:ldappasswd -D uid=kgarner,ou=users,ou=auth -x -W -S uid=kgarner,ou=users,ou=auth
New password:
Re-enter new password:
Enter bind password:
Result: Unknown error (80)
Additional info: password hash failed
For the record, that's not my real DN, I changed it after I pasted
it here. In any case, this also works once I specify sha or md5, but
not ssha or smd5.
I'm a bit stumped as to what it can be at this point. Any ideas,
pointers, tips, anything I should try? I searched the net and didn't
seem to come up with anything really relevant.
Also, it should be noted I upgraded to .22 after this was failing
with .21. It fails under both for me.
Keith
--
Keith T. Garner kgarner@kgarner.com
The whole problem with the world is that fools and fanatics are always so
certain of themselves, and wiser people so full of doubts. --Bertrand Russell
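
For comparing the userPassword values stored under the four password-hash settings named in this post, here is an added example (not part of the original message, and not OpenLDAP or pam_ldap code) that builds, parses and verifies {MD5}, {SMD5}, {SHA} and {SSHA} values. The function names and the sample password are constructed for illustration, and the 4-byte salt used when generating is an assumption; the parser accepts any salt length.

```python
import base64, hashlib, hmac, os

# Digest algorithm and whether the scheme carries a salt, for the four
# password-hash values named in the post.
SCHEMES = {"MD5": ("md5", False), "SMD5": ("md5", True),
           "SHA": ("sha1", False), "SSHA": ("sha1", True)}

def make_hash(scheme, password, salt=None):
    """Build {SCHEME}base64(digest(password + salt) + salt)."""
    scheme = scheme.upper()
    algo, salted = SCHEMES[scheme]
    if salted:
        # Assumed 4-byte random salt unless the caller supplies one.
        salt = os.urandom(4) if salt is None else salt
    else:
        salt = b""
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def parse_hash(value):
    """Split a stored value into (scheme, digest, salt); reject malformed input."""
    if not value.startswith("{") or "}" not in value:
        raise ValueError("no {SCHEME} prefix")
    scheme, b64 = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme not in SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    algo, salted = SCHEMES[scheme]
    raw = base64.b64decode(b64, validate=True)
    size = hashlib.new(algo).digest_size
    # Unsalted values are exactly one digest long; salted ones are longer.
    if (salted and len(raw) <= size) or (not salted and len(raw) != size):
        raise ValueError("wrong length for " + scheme)
    return scheme, raw[:size], raw[size:]

def verify(value, password):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme, digest, salt = parse_hash(value)
    candidate = hashlib.new(SCHEMES[scheme][0], password.encode() + salt).digest()
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    for name in SCHEMES:
        stored = make_hash(name, "constructed-sample-pw")  # constructed sample
        print(name, stored, verify(stored, "constructed-sample-pw"))
```

The unsalted schemes give the same value for the same password on every run, while the salted ones differ each time because the salt is random.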