Re: Users cannot change passwords

[John Ziniti <jziniti@speakeasy.org>]

Sorry -- forgot to send to the list ...

In system-auth, I have the following:

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_ldap.so use_first_pass
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5 shadow use_first_pass
password    required      /lib/security/pam_deny.so

Notice in particular that pam_ldap comes before
pam_unix.  Does that change anything?

JZ

Tibbetts, Ric wrote:

> All;
> I've been staring as this to long.
>
> I have a new OpenLDAP server, running on Solaris 9. The clients are a 
> combination of Solaris, and Redhat 8.0 & 9
>
> Users can authenticate, and log into the clients just fine. But they 
> cannot change their password.
>
> Using the "passwd" command gets the following:
>
> # > passwd
> Changing password for <user>
> passwd: Authentication token manipulation error
> # >
>
>
> Rather than try to quess at what config files to post, and clog up the 
> list, I put up a quick web site with the relevant config files, and 
> some specifics of software versions, and compile options, etc.
>
> If anyone has a moment, could you take a look at it, and let me know 
> what I missed?
>
> The site is:
>
> http://www.chadera.net/ldap
>
> Thank you in advance.
>
> NOTE: I can point these same clients to my other LDAP server (running 
> on native Solaris Directory Server), and all works fine. The big 
> difference in configuration between the two is the use of encrypted 
> passwords. The Native Solaris Directory Server is NOT running with 
> encrypted passwords, the OpenLDAP server is.
> I suspect this problem to be related to that.
>
> As always, any help will be greatly appreciated!
>
> -Ric