[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: auth problem - solved partly, if of someone's interest
- To: <openldap-software@OpenLDAP.org>
- Subject: RE: auth problem - solved partly, if of someone's interest
- From: "Rigler, Steve" <SRigler@MarathonOil.com>
- Date: Tue, 20 May 2003 11:47:12 -0500
- Content-class: urn:content-classes:message
- Thread-index: AcMe7m+HhwtikYG8RJaEerTzjjOkigAANqmQ
- Thread-topic: auth problem - solved partly, if of someone's interest
I had the same problem with the OpenLDAP 2.1.x packages SGI provides. They
weren't configured with "--enable-crypt". Would be nice to have set by default
to avoid these gotchas.
-Steve
-----Original Message-----
From: Alexei Monastyrnyi [mailto:alexeim@orcsoftware.com]
Sent: Tuesday, May 20, 2003 11:15 AM
To: openldap-software@OpenLDAP.org
Subject: auth problem - solved partly, if of someone's interest
Hi List.
For those it could be interesting.
Brief history.
I had an auth problem between OpenLDAP 2.1.17 (Solaris 9) and client boxes
(Solaris 9 and FreBSD 4.7).
OpenLDAP was configured and built with defaults:
./configure
make depend
make
make test
su root -c "make install"
I kept test user password in CRYPT format in LDAP database. It was done
because I'm planning to migrate from NIS and all the passwords in my NIS are
stored in CRYPT.
{CRYPT}Q86nvCHePoSvk = 12345 for my test user "erik"
On clients I had PAM (/etc/pam.conf) configured for "login auth" via
pam_ldap and
/etc/ldap.conf configured to connect to server with simple bind.
Trying to telnet to client boxes I had permanent "Invalid credentials"
message from server even with correct password.
After configuring OpenLDAP with "--enable-crypt" option I finally have got
"Success" in bind response.
I wander why default configuration doesn't have this option switched on?
--enable-crypt enable crypt(3) passwords [no]
I think lots of people migrate from NIS/passwd with passwords in CRYPT
format...
Alexei.