[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: AIX as openldap client
On Monday, 8 November 2010 16:07:25 Stef Coene wrote:
> On Monday 08 November 2010, you wrote:
> > Hello Stef,
> >
> > could you please point what you did to solve your problems as anybody
> > else could be interested in that solution. Unfortunately, these
> > machines are on my schedule, too. :)
>
> I'm documenting the steps I do to get it working and the possible problems.
> When I'm done, I will post them somewhere.
> I also have to this on the production servers.
>
> I still have some problems with the passwords. I have to change the
> password from an AIX box before it works.
What hash ends up in userPassword in this case? crypt? Real crypt(), with it's
8-character limit?
This normally indicates a problem in the configuration. On a Linux host, this
would typically indicate that nss_ldap was set up, but pam_ldap was not, and
authentication was working via app->PAM->pam_unix->getspent(3)->nss->nss_ldap-
>LDAP, whereas you may prefer app->PAM->pam_ldap (otherwise some pam_ldap-
based authorization features don't work, password hashes are limited to those
that are supported by all your clients etc.).
I don't have any access to our AIX hosts though ...
Regards,
Buchan