
LDAP passwd




So, I never actually saw - has anyone actually gotten password changes working
with pam_ldap?  I've been going on the hope that users never want to change
their password for a little too long now...

I've got this "supplied with pam_ldap" pam.d/passwd file:

auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so use_first_pass
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_ldap.so
password   required     /lib/security/pam_unix_passwd.so try_first_pass

but I get no changed password.

I know stuff is *kinda* set up right, 'cause I can log in.  chsh and passwd
do not work, however, and I think it's a rights thing.  Is there some good
documentation somewhere on how these things need to be set up to work, 
like the attributes each user should have and the like?

I think I've got the LDAP (openldap) server set up wrong, because my crypt()'d
password doesn't work ( rootpw {crypt}dsL/6N1rUU8. ) for my root dn, and
I can't figure out how to bind to the server as myself.  Am I wrong in thinking
that I need to bind as myself to change my passwd?  I shut off all the "access" 
lines in slapd.conf, and then tried re-enabling them, to no avail.
Here's what happens:

----------
sauer@ariel:/mnt/csc/staff/sauer > rpm -q pam_ldap nss_ldap
pam_ldap-46-11
nss_ldap-105-29
sauer@ariel:/mnt/csc/staff/sauer > passwd
New UNIX password: 
Retype new UNIX password: 
Enter login(LDAP) password: 
New password: 
Re-enter new password: 
LDAP password information update failed: Insufficient access

/usr/share/dict/cracklib_dict.pwd: No such file or directory
PWOpen: No such file or directory
sauer@ariel:/mnt/csc/staff/sauer > chsh
Password: 
Changing the login shell for sauer
Enter the new value, or press return for the default
	Login Shell [/bin/bash]: /usr/bin/zsh
	chsh: sauer not found in /etc/passwd
----------

Thanks for any suggestions. :)
--Danny
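
An added example, not part of the original post: when a non-root user runs passwd, pam_ldap binds as that user's own entry and then modifies userPassword, so slapd must grant "self" write on that attribute. With every "access" line removed, slapd falls back to read-only access for everyone except the rootdn, and a modify is refused as "Insufficient access". The rules below are a sketch for slapd.conf and assume nothing about the directory layout beyond entries that carry a userPassword attribute.

```conf
# slapd.conf access rules (added example, not the poster's configuration).
# Clauses are checked top to bottom and the first matching "access to"
# clause decides, so the userPassword rule must sit above any catch-all.
# Older OpenLDAP releases spell the keyword "attr="; newer ones use "attrs=".

# Password values:
#   self      - the entry's owner, once bound, may replace the value
#   anonymous - unauthenticated clients may only use it to authenticate
#               (needed for a simple bind to succeed); they cannot read it
#   *         - everyone else gets nothing, so hashes are never disclosed
access to attr=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else stays world-readable. The rootdn is not subject to
# these rules, so administrative writes still go through that identity.
access to *
        by * read
```

slapd reads slapd.conf only at startup, so the daemon has to be restarted before the rules take effect.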
