Hi, I’m pretty new to this, so not sure whether I’m doing something daft or not. I have a newly installed SUSE 9.0 Linux machine with OpenLDAP set up and working well enough, except for one or possibly two problems (I’m not sure if they are separate or not).

Whenever I change the password using passwd I get a prompt asking for the LDAP login before I can change the password. If I give the right LDAP password then I get the usual prompt (twice) to change the password. When doing this as root I don’t expect to get the LDAP login prompt, though one probably should when doing it as the relevant user (as root I’m using passwd <username>).

The bigger problem for me is that having changed the user’s password I find that instead of being stored in the md5crypt format that it was when I initially set up the account and transferred it to the LDAP database it is now in simple crypt format.

My slapd.conf file initially contained

    password-hash {crypt}
    password-crypt-salt-fromat "$1$%.8s"

I changed this to just

    Password-hash {md5}

But nothing changed.

The ldap.conf file has the line

    pam_password md5

The pam configuration … I started trying to set up each individual pam.d file for pam_ldap.so until I read in one of the SUSE files that the /etc/security/pam_unix2.conf file controls the operation. This is mine…

    auth: use_ldap nullok
    account: use_ldap
    password: use_ldap md5 nullok
    session: none

This doesn’t really stop the system from working – I can log in any user, but I have the odd side effect that it seems that the original passwd file based password and the new LDAP password both exist and work. I am concerned however that I am heading for a more difficult problem because I am working towards setting up this machine as a Samba PDC and would suspect that when it comes to keeping passwords in sync I’m going to find it a lot easier if I can solve this problem.

I hope someone out there can shed some light on the reasons why this setup is not passing md5crypt or simply md5 hashed passwords to the LDAP database.

Thanks for reading

Damon
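
Added example, not part of the original post: a Python script for checking which storage format a userPassword value ends up in after a passwd run, telling md5crypt ($1$...) apart from traditional crypt and from {MD5}. The function names and all sample values are constructed for illustration.

```python
import base64
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars.
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# md5crypt: "$1$" + up to 8 salt chars + "$" + 22 hash chars.
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

# Constructed sample values (not real account hashes).
SAMPLES = [
    "{CRYPT}$1$abcdefgh$0123456789ABCDEFGHIJKL",
    "{crypt}abJnggxhB/yWI",
    "{MD5}1B2M2Y8AsgTpgAmY7PhCfg==",
]


def classify(user_password):
    """Return a label for how one userPassword value is stored."""
    m = SCHEME.match(user_password)
    if not m:
        return "cleartext or unknown (no {scheme} prefix)"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "CRYPT":
        if MD5_CRYPT.match(body):
            return "md5crypt"
        if DES_CRYPT.match(body):
            return "des-crypt"
        return "crypt (other)"
    if scheme == "MD5":
        try:
            raw = base64.b64decode(body, validate=True)
        except ValueError:
            return "malformed {MD5}"
        return "unsalted md5" if len(raw) == 16 else "malformed {MD5}"
    return scheme.lower()


def from_ldif(line):
    """Extract userPassword from one LDIF line; '::' marks a base64 value."""
    attr, sep, value = line.partition(":")
    if attr.strip().lower() != "userpassword" or not sep:
        return None
    if value.startswith(":"):
        return base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
    return value.strip()


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample), "<-", sample)
```

LDIF exports usually show userPassword base64-encoded (the `userPassword::` form), so pass each exported line through from_ldif() before classify().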