-
LDAP and passwd.c
Greetings,
I'm running openldap 2.3.39, pam_ldap-1.8.4, and nss_ldap-1.257 on a
FreeBSD 6.2 server and have installed this patch to passwd.c:
[url]http://lists.freebsd.org/pipermail/freebsd-bugs/2004-September/008819.html[/url]
When I use the new passwd command to change an LDAP users password, the
password seems to be stored just base64 encoded without having been
hashed/encrypted in the LDAP directory and the LDAP user cannot login.
If I set the password through the webmin LDAP users interface, the
password gets properly hashed and encoded and the user can then login.
I've run a java program to query the directory for the userPassword
attribute and can print it out in plain text so I know its not getting
hashed.
Is there some configuration I may have missed in openldap, pam_ldap, or
nss_ldap?
thanks
John
-
Re: LDAP and passwd.c
John Rushford wrote:[color=blue]
> Greetings,
>
> I'm running openldap 2.3.39, pam_ldap-1.8.4, and nss_ldap-1.257 on a
> FreeBSD 6.2 server and have installed this patch to passwd.c:
>
> [url]http://lists.freebsd.org/pipermail/freebsd-bugs/2004-September/008819.html[/url]
>
> When I use the new passwd command to change an LDAP users password, the
> password seems to be stored just base64 encoded without having been
> hashed/encrypted in the LDAP directory and the LDAP user cannot login.
> If I set the password through the webmin LDAP users interface, the
> password gets properly hashed and encoded and the user can then login.
>
> I've run a java program to query the directory for the userPassword
> attribute and can print it out in plain text so I know its not getting
> hashed.
>
> Is there some configuration I may have missed in openldap, pam_ldap, or
> nss_ldap?
>
> thanks
> John
>[/color]
Never mind, I found it. Had left out 'pam_password crypt' in my
ldap.conf. The default is clear text.
John
