[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: SASL and PAM based password changing
Hello:
Norbert Klasen wrote,
> >I got SASL going with OpenLDAP. How is password changing to be handled
> >when the passwords are being stored in sasldb?
>
> With saslpasswd. OpenLDAP doesn't propagate password changes.
Ok.
> >Despite this, the userPassword attribute ends up with a {SSHA} password
> >if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
> >using OpenLDAP extended operation for changing passwords, but OpenLDAP
> >seems to be using its default hashing algo (SSHA) and not honoring the
> >{SASL} of the entry.
> Well, if you don't specify an option, its default value should be used,
> shouldn't it?
Correct. Hmm... so what purpose does the OpenLDAP "extended operations"
serve?
IAC, I have now moved my backend to Kerberos and am having fun putting
together scripts to manage principles. :)
Norbert, thank you for your time.
-- Shanu
--
Stenderup's Law:
The sooner you fall behind, the more time you will have to catch up.