Hello Community,
I have a problem with Solaris 10 LDAP password encryption to an OpenLDAP server. When setting an initial password with ldapadd, login works fine. After the user changed the initial password on a Solaris station with 'passwd -r ldap', Solaris committed it with 'password successfully changed for john'. But the user can't log in with the new password.

1) Setting initial Password with ldapadd (Password: 8ASdhXY!Xy)

    version: 1
    dn: uid=john,ou=people,ou=unix,o=kleinfeld,c=ch
    userPassword: {MD5}khVDRrTSYMHjTw7V6VEZwg==

2) User Login and change password with 'passwd -r ldap' (Password: 9DnxSF!dKS)

    version: 1
    dn: uid=john,ou=people,ou=unix,o=kleinfeld,c=ch
    userPassword: {crypt}0vUAwIdPR4X2E

Does anyone have an idea what's going wrong? I can't track down this problem.
--( nsswitch.conf )---

    passwd: compat
    passwd_compat: files ldap
    group: files ldap
    shadow_compat files ldap

--( pam.conf )---

    login auth sufficient pam_unix_auth.so.1
    login auth required pam_ldap.so.1
    rlogin auth sufficient pam_unix_auth.so.1
    rlogin auth required pam_ldap.so.1
    other auth sufficient pam_unix_auth.so.1
    other auth required pam_ldap.so.1

--( /etc/security/policy.conf )---

    CRYPT_ALGORITHMS_ALLOW=1,2a,md5
    CRYPT_DEFAULT=__unix__

Regards
John

On Thu, Dec 18, 2008 at 04:21:19PM +0100, John Gee wrote:
> I have a problem with Solaris 10 LDAP password encryption to an OpenLDAP server. When setting an initial password with ldapadd, login works fine. After the user changed the initial password on a Solaris station with 'passwd -r ldap', Solaris committed it with 'password successfully changed for john'. But the user can't log in with the new password.
>
> - Setting initial Password with ldapadd (Password: 8ASdhXY!Xy)
>     version: 1
>     dn: uid=john,ou=people,ou=unix,o=kleinfeld,c=ch
>     userPassword: {MD5}khVDRrTSYMHjTw7V6VEZwg==
> - User Login and change password with 'passwd -r ldap' (Password: 9DnxSF!dKS)
>     version: 1
>     dn: uid=john,ou=people,ou=unix,o=kleinfeld,c=ch
>     userPassword: {crypt}0vUAwIdPR4X2E
>
> Does anyone have an idea what's going wrong?

Did you build OpenLDAP with the --enable-crypt option? It will not understand {crypt} format without that.
Andrew
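
Added example (not part of the thread, and not OpenLDAP or Solaris code): a Python check that reads userPassword lines from an LDIF export, names the storage scheme, and flags {crypt} values that a slapd built without --enable-crypt cannot verify at bind time. The function names and the server_has_crypt parameter are assumptions made for this example; the mapping of the 1, 2a and md5 identifiers to stored prefixes follows the usual Solaris crypt.conf conventions.

```python
import base64
import re

# crypt(3) variants by stored prefix; "1", "2a" and "md5" are the identifiers
# on the CRYPT_ALGORITHMS_ALLOW line quoted in the thread.
CRYPT_PREFIXES = {"$1$": "BSD MD5 crypt (1)", "$2a$": "Blowfish crypt (2a)",
                  "$md5": "Sun MD5 crypt (md5)"}

def parse_user_password(ldif_line):
    """Split one LDIF userPassword line into (SCHEME, stored_value)."""
    name, sep, rest = ldif_line.partition(":")
    if not sep or name.strip().lower() != "userpassword":
        raise ValueError("not a userPassword line: %r" % ldif_line)
    if rest.startswith(":"):
        # "userPassword:: ..." means the value is base64-encoded LDIF.
        raw = base64.b64decode(rest[1:].strip()).decode("utf-8")
    else:
        raw = rest.strip()
    m = re.fullmatch(r"\{([A-Za-z0-9-]+)\}(.*)", raw, re.S)
    return (m.group(1).upper(), m.group(2)) if m else ("CLEARTEXT", raw)

def crypt_variant(value):
    """Name the crypt(3) algorithm behind a {crypt} value."""
    for prefix, label in CRYPT_PREFIXES.items():
        if value.startswith(prefix):
            return label
    if re.fullmatch(r"[./0-9A-Za-z]{13}", value):
        # 2-char salt + 11-char hash; only the first 8 password characters count.
        return "traditional DES crypt"
    return "unrecognised crypt format"

def audit(ldif_lines, server_has_crypt):
    """Return (scheme, detail, server_can_verify) per line. Assumption: only
    {crypt} depends on the build option; other schemes are treated as built in."""
    report = []
    for line in ldif_lines:
        scheme, value = parse_user_password(line)
        detail = crypt_variant(value) if scheme == "CRYPT" else scheme
        report.append((scheme, detail, scheme != "CRYPT" or server_has_crypt))
    return report

if __name__ == "__main__":
    # The two stored values from the thread, plus a constructed base64 form of the second.
    encoded = base64.b64encode(b"{crypt}0vUAwIdPR4X2E").decode("ascii")
    sample = ["userPassword: {MD5}khVDRrTSYMHjTw7V6VEZwg==",
              "userPassword: {crypt}0vUAwIdPR4X2E",
              "userPassword:: " + encoded]
    for row in audit(sample, server_has_crypt=False):
        print(row)
```
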
On Thu, Dec 18, 2008 at 03:47:03PM +0000, Andrew Findlay wrote:
> On Thu, Dec 18, 2008 at 04:21:19PM +0100, John Gee wrote:
>
> Did you build OpenLDAP with the --enable-crypt option? It will not understand {crypt} format without that.

Thank you for this hint. I recompiled OpenLDAP with --enable-crypt; now it works perfectly.
- John
openldap-technical@openldap.org