[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: authentication passwords
On Wed, 2003-12-31 at 08:50, paul k wrote:
> Craig White wrote:
>
> > I'm confused and trying to work this out.
> me too, wat's exactly the problem?
>
> >
> > it adds to the users ldap userPassword::
> > e2NyeXB0fSQxJFhQd01XLzBrJDZXdDZMTDJPQ2dHOE5jZHpsa041UDE=
> That seems to be base64 encoded, note the double colon.
>
> >
> > seems to me that this is one of those details that I would rather never
> > knowing but I have to make peace between samba needs/posix
> > needs/customer needs to have simplicity in changing their passwords.
> >
> > Evidently I don't get it. Point me in a direction?
> One shot in the dark, making "passwd" work for accounts in LDAP DIT
> requires PAM to be setup correctly.
---
turns out that the problem isn't really the passwords at all, it's the
pam.d/system-auth that's been making me crazy (redhat AS 3 - though
evidently, this is a problem that extends far beyond red hat)
The first two lines of pam.d/system-auth...
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
but if I 'su -' to root, I get a segmentation fault.
One of the web pages suggests that you change the second line..
from
/lib/security/$ISA/pam_unix.so ...
to
/lib/secuirty/$ISA/pam_pwdb.so ...
and indeed that fixes the seg fault problem when you su
but that also means that other services can't log on...i.e. IMAP/POP3
etc.
evidently PAM still has some issues here with LDAP authentication (or at
least my understanding of it still has some issues)
My concern was the myriad of methods that exist to allow
setting/changing of posixAccount:userPassword and
sambaSamAccount:sambaLMPassword and sambaSamAccount:sambaNTPassword can
set them differently and I'm having to test out each method by actually
trying to log in to each service after each change method.
for example, I have tried using the following to set the passwords...
Webmin:LDAP Users and Groups
passwd
smbpasswd
Windows - Change password control panel
It's making me crazy
;-)
Craig