Re: SASL and PAM based password changing



Hello:

Norbert Klasen wrote,
> >I got SASL going with OpenLDAP. How is password changing to be handled
> >when the passwords are being stored in sasldb?
> 
> With saslpasswd. OpenLDAP doesn't propagate password changes.

Ok.
 
> >Despite this, the userPassword attribute ends up with a {SSHA} password
> >if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
> >using OpenLDAP extended operation for changing passwords, but OpenLDAP
> >seems to be using its default hashing algo (SSHA) and not honoring the
> >{SASL} of the entry.
 
> Well, if you don't specify an option, its default value should be used, 
> shouldn't it?

Correct. Hmm... so what purpose does the OpenLDAP "extended operations"
serve?

IAC, I have now moved my backend to Kerberos and am having fun putting
together scripts to manage principals. :)

Norbert, thank you for your time.

-- Shanu

-- 
Stenderup's Law:
	The sooner you fall behind, the more time you will have to catch up.