[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and PAM based password changing

To: OpenLDAP-Software <openldap-software@OpenLDAP.org>
Subject: Re: SASL and PAM based password changing
From: Shanker Balan <shanu@exocore.com>
Date: Thu, 7 Feb 2002 19:44:35 +0530
Content-disposition: inline
In-reply-to: <159148703.1013092723@localhost>
Organisation: Exocore Consulting (P) Ltd <http://www.exocore.com>
References: <20020202072354.GB3124@exocore.com> <159148703.1013092723@localhost>
User-agent: Mutt/1.3.27i

Hello:

Norbert Klasen wrote,
> >I got SASL going with OpenLDAP. How is password changing to be handled
> >when the passwords are being stored in sasldb?
> 
> With saslpasswd. OpenLDAP doesn't propagate password changes.

Ok.
 
> >Despite this, the userPassword attribute ends up with a {SSHA} password
> >if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
> >using OpenLDAP extended operation for changing passwords, but OpenLDAP
> >seems to be using its default hashing algo (SSHA) and not honoring the
> >{SASL} of the entry.
 
> Well, if you don't specify an option, its default value should be used, 
> shouldn't it?

Correct. Hmm... so what purpose does the OpenLDAP "extended operations"
serve?

IAC, I have now moved my backend to Kerberos and am having fun putting
together scripts to manage principles. :)

Norbert, thank you for your time.

-- Shanu

-- 
Stenderup's Law:
	The sooner you fall behind, the more time you will have to catch up.

Follow-Ups:
- Re: SASL and PAM based password changing
  - From: Norbert Klasen <norbert.klasen@daasi.de>

References:
- SASL and PAM based password changing
  - From: Shanker Balan <shanu@exocore.com>
- Re: SASL and PAM based password changing
  - From: Norbert Klasen <norbert.klasen@daasi.de>

Prev by Date: Re: Search using indexed attributtes
Next by Date: triggering
Index(es):
- Chronological
- Thread