Passwords in DIT after MOD from Solaris Client
- To: openldap-technical@openldap.org
- Subject: Passwords in DIT after MOD from Solaris Client
- From: Ben Rockwood <benr@cuddletech.com>
- Date: Mon, 22 Nov 2010 01:24:59 -0800
- User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
Hello,
I'm using pam_ldap on a Solaris 10 client and an OpenLDAP server.
Everything works great, with one little exception.
I can create new accounts from an LDIF specifying the password as
{SSHA} and everything works fine. Users can log in, etc. However, if a
user changes their password from Solaris ('passwd -r ldap') the password
is now stored in the directory as plaintext. The user can still log in,
change their password, etc, it works fine... but I don't want plaintext
passwords in the directory.
I tried adding "password-hash {SSHA}" to slapd.conf, but that didn't
do anything... nor would I expect it to because it's the default setting.
Can anyone point me in the right direction?
benr.
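
One way to check a directory export for the symptom described in the message above, as an added example that is not part of the original post: it reads LDIF (for instance from slapcat or ldapsearch) and lists the DNs whose userPassword has no {SCHEME} prefix or is marked {CLEARTEXT}. The sample entries and the function names are constructed for illustration.

```python
import base64
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9._-]+)\}")  # e.g. {SSHA}, {CRYPT}

def b64(raw):
    return base64.b64encode(raw).decode()

# Constructed sample export (values are made up, not from the original post).
_hashed = b64(b"{SSHA}constructed-placeholder-not-a-real-hash")
SAMPLE_LDIF = (
    "dn: uid=alice,ou=people,dc=example,dc=com\n"
    f"userPassword:: {_hashed[:20]}\n {_hashed[20:]}\n"  # folded base64 value
    "\n"
    "dn: uid=bob,ou=people,dc=example,dc=com\n"
    f"userPassword:: {b64(b'hunter2')}\n"                # plaintext, base64 in LDIF
    "\n"
    "dn: uid=carol,ou=people,dc=example,dc=com\n"
    "userPassword: {CLEARTEXT}changeme\n"
)

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for line in ldif.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def plaintext_password_dns(ldif):
    """Return DNs whose userPassword is unhashed or tagged {CLEARTEXT}."""
    flagged, dn = [], None
    for line in unfold(ldif):
        attr, sep, rest = line.partition(":")
        name = attr.strip().lower()
        if not sep or name not in ("dn", "userpassword"):
            continue  # blank lines, comments and other attributes
        # "attr:: value" is base64, "attr: value" is literal text
        value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
        if name == "dn":
            dn = value.decode("utf-8", "replace")
            continue
        scheme = SCHEME_RE.match(value)
        if (scheme is None or scheme.group(1).upper() == b"CLEARTEXT") and dn not in flagged:
            flagged.append(dn)
    return flagged

if __name__ == "__main__":
    print("\n".join(plaintext_password_dns(SAMPLE_LDIF)))
```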