pam_ldapd problem

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Anton Helwart <ahelwart [at] math.uni-bielefeld.de>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: pam_ldapd problem
Date: Fri, 8 Jun 2012 11:09:07 +0200

Hi, 

I'm using pam_ldapd on Ubuntu 12.04 and have a problem with the passwd
command. 

My /etc/pam.d/common-password looks like this: 

password        required        pam_cracklib.so retry=3 minlen=8 difok=3
password        required        pam_ldap.so use_authtok debug

If I run passwd and enter a wrong ldap password, I still get asked for
a new password by cracklib. 

It looks like this on the command line: 

$> passwd 
(current) LDAP Password: 
New password: 
Retype new password: 
password change failed: Invalid credentials
passwd: Permission denied
passwd: password unchanged


And this is what I get in /var/log/auth.log: 

Jun  8 10:57:52 host1 passwd[16139]: pam_ldap(passwd:chauthtok): nslcd
account check; user=username 

Jun  8 10:57:54 host1 passwd[16139]: pam_ldap(passwd:chauthtok): nslcd
authentication; user=username

Jun  8 10:57:54 host1 passwd[16139]: pam_ldap(passwd:chauthtok):
Authentication failure; user=username

Jun  8 10:57:58 host1 passwd[16139]: pam_ldap(passwd:chauthtok): nslcd
password modify; user=username

Jun  8 10:57:58 host1 passwd[16139]: pam_ldap(passwd:chauthtok):
password change failed: password change failed: Invalid credentials;
user=username


If I use pam_unix, passwd just stops when I enter a wrong password: 

password        required        pam_cracklib.so retry=3 minlen=8
difok=3  
password        required        pam_unix.so use_authtok debug 


$> passwd 
Changing password for dummy.
(current) UNIX password: 
passwd: Authentication failure
passwd: password unchanged


In auth.log: 

Jun  8 11:05:24 host1 passwd[16588]: pam_unix(passwd:chauthtok):
username [dummy] obtained 

Jun  8 11:05:27 host1 passwd[16588]:
pam_unix(passwd:chauthtok): authentication failure; logname=dummy
uid=1000 euid=0 tty= ruser= rhost=  user=dummy



Does someone know if there is a way to solve this? 


Greetings, 
Anton

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

pam_ldapd problem, Anton Helwart

Re: pam_ldapd problem, Anton Helwart
- Re: pam_ldapd problem, Arthur de Jong

Prev by Date: RE: Using two differents LDAPS
Next by Date: --disable-nslcd, nssov, and local user lookups
Previous by thread: RE: Using two differents LDAPS
Next by thread: Re: pam_ldapd problem