Hello,
I'm using pam_ldap on a Solaris 10 client and an OpenLDAP server. Everything works great, with one little exception.
I can create new accounts from an LDIF specifying the password as {SSHA} and everything works fine. Users can log in, etc. However, if a user changes their password from Solaris ('passwd -r ldap') the password is now stored in the directory as plaintext. The user can still log in, change their password, etc.; it works fine... but I don't want plaintext passwords in the directory.
I tried adding "password-hash {SSHA}" to slapd.conf, but that didn't do anything... nor would I expect it to, because it's the default setting.
Can anyone point me in the right direction?
benr.
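
Added example, not part of the original post: a check for the symptom described above, run over an LDIF export of the directory. It flags every userPassword value that has no {SCHEME} prefix such as {SSHA}. The sample entries and DNs are constructed, and treating {CLEARTEXT} as unhashed is this example's own choice.

```python
import base64
import re

SCHEME_RE = re.compile(rb"^\{([A-Za-z0-9_-]+)\}")  # e.g. {SSHA}, {CRYPT}

def unfold(ldif):
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def decode_value(rest):
    if rest.startswith(":"):  # "attr:: ..." marks a base64-encoded value
        return base64.b64decode(rest[1:].strip())
    return rest.strip().encode()

def audit(ldif):
    """Return (dn, scheme) per userPassword value; scheme is None if unhashed."""
    findings, dn = [], None
    for line in unfold(ldif):
        name, sep, rest = line.partition(":")
        if sep and name.lower() == "dn":
            dn = decode_value(rest).decode()
        elif sep and name.lower() == "userpassword":
            m = SCHEME_RE.match(decode_value(rest))
            findings.append((dn, m.group(1).decode().upper() if m else None))
    return findings

def plaintext_dns(ldif):
    """DNs whose userPassword has no scheme prefix or the {CLEARTEXT} scheme."""
    return [dn for dn, scheme in audit(ldif) if scheme in (None, "CLEARTEXT")]

# Constructed sample export (hypothetical users); bob's base64 value is folded.
_bob = base64.b64encode(b"plain-text-pw").decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {SSHA}" + base64.b64encode(bytes(24)).decode(),
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword:: " + _bob[:8],
    " " + _bob[8:],
])

if __name__ == "__main__":
    print("\n".join("plaintext userPassword: " + d for d in plaintext_dns(SAMPLE_LDIF)))
```

A plaintext password that itself begins with a brace-wrapped word would be read as hashed, so treat a clean result as a first pass rather than proof.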