
Problems with allowing users to change their own passwords



Hi - I am using openldap on some Solaris 8 hosts.  So far I am just using it
to be able to authenticate users via ssh.  I've got it up and working, with
SSL/TLS (using the padl nss and pam ldap modules).

I've run into a problem now though that has me stumped.  No matter how I try
to play with ACLs in the slapd.conf file, users aren't able to change their
own passwords.  The current ACLs I have in place are as follows:

access to attr=userPassword
        by self write
        by anonymous auth
        by * none
access to *
        by self write
        by * read

Here is what happens when I ssh in as an ldap user and use the "passwd" command:

> passwd
passwd:  Changing password for barney
Enter login(LDAP) password: 
New password: 
Re-enter new password: 
passwd (LDAP): Couldn't change passwd/attributes for barney
Permission denied

I'm not sure if it's an ACL related issue or not, because the same thing
happens even with these ACLs:

access to * by * write
access to * by * auth
access to * by * read

Is there something else I'm missing that might bear on Solaris 8's passwd
command and openldap and/or the padl pam/nss modules?  If there's any other
information I can give to help troubleshoot this please let me know.  Thanks
in advance!