Re: PAM authentication and PPolicy issues
Sent: Wed Jun 20 2012 04:36:03 GMT-0400 (EDT)
From: Clément OUDOT <clem.oudot(a)gmail.com>
To: Francesco Belli <Francesco.Belli(a)vegaspace.com>
openldap-technical(a)openldap.org
Subject: Re: PAM authentication and PPolicy issues
2012/6/20 Francesco Belli<Francesco.Belli(a)vegaspace.com>:
> Hi Clement,
> I already used pam_password directive, I set it to cleartext, but this parameter is
used for password change and not for authentication. As man pam_ldap says "Specifies
the password change protocol to use", so not the authentication method. Now my
situation is that I have some users in the LDAP server that they have a SHA hash in the
userPassword field, and they are correctly authenticated, others that have a clear text
password and cannot be authenticated via PAM.
Password scheme used in LDAP directory do not prevent any application
to authenticate to LDAP. Dig into logs to see what is the real reason
of your problem.
Clément.
In addition, it is not true that the password must be stored in
cleartext for pwdCheckQuality and pwdInHistory to work. Storing
passwords in cleartext is bad.
-Patrick
Attachments:
- attachment.htm (text/html — 2.1 KB)