
openldap pwdReset=True pam_authz HP-UX



Hopefully someone can help out. I am currently running OpenLDAP 2.4 with a provider and two consumers. I have a few Linux hosts and a few HP-UX hosts set up for authentication and sudo. For the most part everything works well. I actually have no issues with Linux hosts. On my HP-UX hosts, I have LDAP-UX integration set up. I am able to authenticate fine. Sudo also works well. My issue is when I set pwdReset=TRUE. Basically the HP-UX boxes just keep prompting for the password again, but never prompt for a new authtok. As part of the implementation on the HP-UX servers, I use pam_authz. I have the following entry set.

 

PAM_NEW_AUTHTOK_REQD:ldap_filter:(pwdReset=TRUE)

 

The way it should work is that it reads and finds that pwdReset is set to true and passes PAM_NEW_AUTHTOK_REQD. But instead I see this entry in the syslog file:

 

error: PAM: Authentication token manipulation error for userXYZ from serverXYZ

 

I take that as actually being PAM_AUTHTOK_ERR being returned.

 

I am not sure if anyone else has any experience with HP-UX LDAP-UX integration and getting it to work with OpenLDAP. I feel it is probably something trivial that I am overlooking. Any help would be appreciated.

 

 

 



