[Date Prev][Date Next] [Chronological] [Thread] [Top]

auth problem - solved partly, if of someone's interest



Hi List.
For those it could be interesting.
Brief history.
I had an auth problem between OpenLDAP 2.1.17 (Solaris 9) and client boxes
(Solaris 9 and FreBSD 4.7).
OpenLDAP was configured and built with defaults:
    ./configure
    make depend
    make
    make test
    su root -c "make install"
I kept test user password in CRYPT format in LDAP database. It was done
because I'm planning to migrate from NIS and all the passwords in my NIS are
stored in CRYPT.
{CRYPT}Q86nvCHePoSvk  = 12345 for my test user "erik"

On clients I had PAM (/etc/pam.conf)  configured for "login auth" via
pam_ldap and
/etc/ldap.conf configured to connect to server with simple bind.
Trying to telnet to client boxes I had permanent "Invalid credentials"
message from server even with correct password.
After configuring OpenLDAP with "--enable-crypt" option I finally have got
"Success" in bind response.

I wander why default configuration doesn't have this option switched on?
    --enable-crypt        enable crypt(3) passwords [no]

I think lots of people migrate from NIS/passwd with passwords in CRYPT
format...

Alexei.