Hi,
Using OpenLDAP 2.0.23, I've got an LDAP directory set up, and I've
installed pam_ldap and nss_ldap on the machine. I've fiddled with the
PAM config files so that su/login/ftp/ssh/cron/passwd all work as
expected, on information stored in LDAP, but I've got one outstanding
problem.
The local /etc/passwd contains the root user account - this is the way I
want it, so at least root can log in and do stuff if LDAP isn't working.
However, I can't get it working so that root and LDAP users can change
passwords. However I change the /etc/pam.d/passwd file, I can get either
LDAP password changing working, or local, but not both. I want it to
attempt to change the password in LDAP first, and then fall back to
local password changing if the user doesn't exist in LDAP, but it won't
play:-
/etc/pam.d/passwd
=======================================
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5 use_first_pass
For a user in LDAP, but not in /etc/passwd:-
[fred@nunki fred]$ passwd
Enter login(LDAP) password:
New password:
Re-enter new password:
LDAP password information changed for fred
passwd: password updated successfully
For root:-
[root@nunki pam.d]# passwd
passwd: Authentication information cannot be recovered
Any help would be much appreciated.
Mike.
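One password stack that tries LDAP first and falls back to the local files for users pam_ldap does not know (such as root), added here as an example and not taken from Mike's post; it assumes Linux-PAM's pam_unix, whose try_first_pass option reuses a password an earlier module already collected but prompts on its own when there is none:

```text
# /etc/pam.d/passwd  (added example, not the poster's file)
# Try the LDAP directory first; if pam_ldap changes the password, stop here.
password    sufficient    pam_ldap.so
# Fall back to /etc/passwd or /etc/shadow for users pam_ldap did not handle.
# try_first_pass reuses the old password if pam_ldap already asked for it,
# but prompts itself when no earlier module left one (root in the local
# file only); use_first_pass fails outright in that case.
password    required      pam_unix.so nullok obscure min=4 max=8 md5 try_first_pass
```

With use_first_pass, pam_unix insists on a password item left by an earlier module, and when pam_ldap gives up on a user it does not know, nothing is there to reuse, which is consistent with the "Authentication information cannot be recovered" message (Linux-PAM's text for PAM_AUTHTOK_RECOVER_ERR).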