[Date Prev][Date Next] [Chronological] [Thread] [Top]

Passwords in DIT after MOD from Solaris Client



Hello,

 I'm using pam_ldap on a Solaris 10 client and an OpenLDAP server. 
Everything works great, with one little exception.

 I can create new accounts from an LDIF specifying the password as
{SSHA} and everything works fine.  Users can login, etc.  However, if a
user changes their password from Solaris ('passwd -r ldap') the password
is now stored in the directory as plaintext.  The user can still login,
change their password, etc, it works fine... but I don't want plaintext
passwords in the directory.

 I tried adding "password-hash   {SSHA}" to slapd.conf, but that didn't
do anything... nor would I expect it to because its the default setting.

 Can anyone point me in the right direction?

 benr.