[Date Prev][Date Next] [Chronological] [Thread] [Top]

Solaris 9 with Openldap and TLS

To: openldap-software@OpenLDAP.org
Subject: Solaris 9 with Openldap and TLS
From: Adrian Quek <adrianq@bii.a-star.edu.sg>
Date: Thu, 22 Aug 2002 09:46:06 +0800
Organization: BioInformatics Institute
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1b) Gecko/20020721

Hi,

I've been trying to get Solaris 9 to talk to openldap (2.0.23) on a RedHat 7.3 server with TLS and I've managed to get authentication working with the native pam_ldap provided by Solaris 9. However whenever I attempt to change the password using the passwd command, it fails. However if I remove tls from my ldapclient, it works fine! But then my passwords would be in clear :( The following is my pam.conf configuration:

# PAM configuration
#
# Unless explicitly defined, all services use the modules
# defined in the "other" section.
#
# Modules are defined with relative pathnames, i.e., they are
# relative to /usr/lib/security/$ISA. Absolute path names, as
# present in this file in previous releases are still acceptable.
#
# Authentication management
#
# login service (explicit because of pam_dial_auth)
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth sufficient         pam_unix_auth.so.1
login   auth required           pam_ldap.so.1   try_first_pass
login   auth required           pam_dial_auth.so.1

# Default definitions for Authentication management
# Used when service name is not explicitly mentioned for authenctication
#
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth sufficient         pam_unix_auth.so.1
other   auth required           pam_ldap.so.1   try_first_pass
#
# passwd command (explicit because of a different authentication module)
#
passwd  auth sufficient         pam_passwd_auth.so.1
passwd  auth required           pam_ldap.so.1   try_first_pass
#
# cron service (explicit because of non-usage of pam_roles.so.1)
#
cron    account required        pam_projects.so.1
cron    account required        pam_unix_account.so.1
#
# Default definition for Account management
# Used when service name is not explicitly mentioned for account management
#
other   account requisite       pam_roles.so.1
other   account required        pam_projects.so.1
other   account required        pam_unix_account.so.1
#
# Default definition for Session management
# Used when service name is not explicitly mentioned for session management
#
other   session required        pam_unix_session.so.1
#
# Default definition for  Password management
# Used when service name is not explicitly mentioned for password management
#
other   password required       pam_dhkeys.so.1
other   password requisite      pam_authtok_get.so.1
other   password requisite      pam_authtok_check.so.1
other   password required       pam_authtok_store.so.1
other   password required       pam_ldap.so.1

----- Would this be a bug with Sun's implementation or has anyone managed to get it working?

regards,
Adrian Quek

Follow-Ups:
- Re: Solaris 9 with Openldap and TLS
  - From: Scott Moorhouse <smoorhouse@ae-solutions.com>

Prev by Date: Re: How can I resolve 'javaObject' Object class violation error? Plea se help
Next by Date: Win2K OpenLDAP server is coreing when used with JNDI and JSP
Index(es):
- Chronological
- Thread