LDAP and passwd.c - BSD

This is a discussion on LDAP and passwd.c - BSD ; Greetings, I'm running openldap 2.3.39, pam_ldap-1.8.4, and nss_ldap-1.257 on a FreeBSD 6.2 server and have installed this patch to passwd.c: http://lists.freebsd.org/pipermail/f...er/008819.html When I use the new passwd command to change an LDAP users password, the password seems to be stored ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: LDAP and passwd.c

  1. LDAP and passwd.c

    Greetings,

    I'm running openldap 2.3.39, pam_ldap-1.8.4, and nss_ldap-1.257 on a
    FreeBSD 6.2 server and have installed this patch to passwd.c:

    http://lists.freebsd.org/pipermail/f...er/008819.html

    When I use the new passwd command to change an LDAP users password, the
    password seems to be stored just base64 encoded without having been
    hashed/encrypted in the LDAP directory and the LDAP user cannot login.
    If I set the password through the webmin LDAP users interface, the
    password gets properly hashed and encoded and the user can then login.

    I've run a java program to query the directory for the userPassword
    attribute and can print it out in plain text so I know its not getting
    hashed.

    Is there some configuration I may have missed in openldap, pam_ldap, or
    nss_ldap?

    thanks
    John


  2. Re: LDAP and passwd.c

    John Rushford wrote:
    > Greetings,
    >
    > I'm running openldap 2.3.39, pam_ldap-1.8.4, and nss_ldap-1.257 on a
    > FreeBSD 6.2 server and have installed this patch to passwd.c:
    >
    > http://lists.freebsd.org/pipermail/f...er/008819.html
    >
    > When I use the new passwd command to change an LDAP users password, the
    > password seems to be stored just base64 encoded without having been
    > hashed/encrypted in the LDAP directory and the LDAP user cannot login.
    > If I set the password through the webmin LDAP users interface, the
    > password gets properly hashed and encoded and the user can then login.
    >
    > I've run a java program to query the directory for the userPassword
    > attribute and can print it out in plain text so I know its not getting
    > hashed.
    >
    > Is there some configuration I may have missed in openldap, pam_ldap, or
    > nss_ldap?
    >
    > thanks
    > John
    >


    Never mind, I found it. Had left out 'pam_password crypt' in my
    ldap.conf. The default is clear text.

    John

+ Reply to Thread