Hopefully someone can help out. I am currently running OpenLDAP 2.4 with a provider and two consumers. I have a few Linux hosts and a few HP-UX hosts set up for authentication and sudo. For the most part everything works well. I actually have no issues with Linux hosts.
On my HP-UX hosts, I have LDAP-UX integration set up. I am able to authenticate fine. Sudo also works well. My issue is when I set pwdReset=TRUE. Basically the HP-UX boxes just keep prompting for the password again, but never prompt for a new authtok. As part of the implementation on the HP-UX servers, I use pam_authz. I have the following entry set:
PAM_NEW_AUTHTOK_REQD:ldap_filter:(pwdReset=TRUE)
The way it should work is that it reads and finds that pwdReset is set to true and passes PAM_NEW_AUTHTOK_REQD. But instead I see this entry in the syslog file:
error: PAM: Authentication token manipulation error for userXYZ from serverXYZ
I take that as PAM_AUTHTOK_ERR actually being returned.
I am not sure if anyone else has any experience with HP-UX LDAP-UX integration and getting it to work with OpenLDAP. I feel it is probably something trivial that I am overlooking. Any help would be appreciated.