[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: userPassword - if it's stored in {crypt} format, how do you make ldappasswd keep it that way when a user changes it?
- To: "Lawrence, Mike (White Plains)" <Mike.Lawrence@starwoodhotels.com>, <openldap-software@OpenLDAP.org>
- Subject: RE: userPassword - if it's stored in {crypt} format, how do you make ldappasswd keep it that way when a user changes it?
- From: "Jeff Costlow" <j.costlow@f5.com>
- Date: Tue, 20 May 2003 11:19:33 -0700
- Content-class: urn:content-classes:message
- Thread-index: AcMe+zS8v81K+D8+RLyzq+DI700yvQAAEidw
- Thread-topic: userPassword - if it's stored in {crypt} format, how do you make ldappasswd keep it that way when a user changes it?
slapd.conf(5) and search for password-hash and password-crypt-salt-format.
here's what I have in my slapd.conf:
password-hash {CRYPT}
password-crypt-salt-format "$1$.8s"
but if you use the 2nd line above, make sure that you have a crypt that supports $1$....$.... md5-based password.
$1$...$.... is still {CRYPT}, not {MD5}!!!
-----Original Message-----
From: Lawrence, Mike (White Plains)
[mailto:Mike.Lawrence@starwoodhotels.com]
Sent: Tuesday, May 20, 2003 10:33 AM
To: openldap-software@OpenLDAP.org
Subject: userPassword - if it's stored in {crypt} format, how do you
make ldappasswd keep it that way when a user changes it?
Hi - I am having an issue now with ldappasswd. I am using openldap with
Solaris 8 to allow users to authenticate
via ssh. Their passwords are stored in the {crypt} format. After playing
with ACLs, passwd and ldappasswd, I was
finally able to get ldappasswd to be able to change a user's password as
that user. I am also using SSL/TLS with
the pam padl and nss ldap modules.
The problem now is that when I use ldappasswd and change the password, I
don't believe it is storing it in {crypt}
format after it changes it. So once it gets changed, authentication stops
working with both the new and old
passwords. I'm not sure what I need to change - I've tried changing the
pam_password setting in /etc/ldap.conf
to both "pam_password crypt" and "pam_password exop" with no luck either
way.
Does anyone know how to get ldappasswd to store a newly changed password in
crypt'ed format? Thanks!
This electronic message transmission contains information from the Company that may be proprietary, confidential and/or privileged.
The information is intended only for the use of the individual(s) or entity named above. If you are not the intended recipient, be
aware that any disclosure, copying or distribution or use of the contents of this information is prohibited. If you have received
this electronic transmission in error, please notify the sender immediately by replying to the address listed in the "From:" field.