Re: libpam_ldap question and password change

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: libpam_ldap question and password change
Date: Wed, 17 Feb 2010 21:52:35 +0100

On Tue, 2010-02-16 at 14:38 +0100, Bas van der Vlies wrote:
> I am trying to replace the PADL libpam_ldap software. My setup is:
>   debian: lenny
>   openldap: 2.4.11-1+lenny1
>   nss-ldap: 0.7.2
> 
> I can login on the node with a LDAP user. The only problem is that i
> can not change my password with this new pam_ldap module.
[...]
> With the PADL pam_ldap module we can change the password but only the
> new password is sent:
[...]
> Did i missed an option or is this a bug?

This may be a bug but the exact working of the LDAP password modify EXOP
request is scarcely document (RFC 3062 contains the most useful
information).

Anyway, I have changed the code to first try a password modification
without the old password and if that fails retry it with the old
password. Attached is a patch against 0.7.2 (also contains some other
changes to that function that were applied).

Perhaps this can be further improved. Comments are welcome.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

Attachment: nss-pam-ldapd-without-oldpasswd-first.patch
Description: Text Data

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users

libpam_ldap question and password change, Bas van der Vlies
- Re: libpam_ldap question and password change, Arthur de Jong

Prev by Date: libpam_ldap question and password change
Next by Date: Re: libpam_ldap question and password change
Previous by thread: libpam_ldap question and password change
Next by thread: Re: libpam_ldap question and password change