lists.arthurdejong.org

Re: Upgrade from 0.7 to 0.8 having auth problems


On 11/20/2012 10:26 AM, Andy Colson wrote:

<SNIP>  This used to work ok on 0.7.  Is there
something that might have changed in 0.8 that might cause this?

Thanks for your time,

-Andy

according to this:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=604147


Failing that you can put this in nslcd.conf to avoid exposing password
hashes through nslcd:

map passwd userPassword "x"
map shadow userPassword "*"

(I'm thinking about making this the default in later releases of
nss-pam-ldapd)

Indeed that looks to be the case. When I run "getent passwd" or "getent shadow" all I get back are *'s. This is different from 0.7.

On the server, in slapd.conf I have:

access to attrs=userPassword
  by anonymous auth
  by users read
  by self write
  by * none


The "by users read" is required, otherwise nothing works, neither 0.7 nor 0.8. I'm guessing it's because Slackware doesn't use PAM? The login program is pulling the password back and comparing it? (as opposed to sending the password to openldap on the server for compare).

... so ... now what do I do?

-Andy

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
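
An added example, not part of the original thread or of nss-pam-ldapd: a shell check that the `map passwd userPassword "x"` / `map shadow userPassword "*"` settings quoted above are in effect, by listing accounts whose password field in getent-format output is anything other than a placeholder. The function names, the sample lines and the set of values treated as placeholders ("x", "*", "!", "!!", empty) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: list accounts whose password field, as returned through NSS,
# holds something other than a placeholder.
# Assumption: "x", "*", "!", "!!" and an empty field count as placeholders.

# Reads passwd- or shadow-format lines (name:password:...) on stdin and prints
# the names whose second field is not a placeholder.
exposed_hash_accounts() {
    awk -F: '
        NF < 2 { next }   # skip malformed lines
        {
            pw = $2
            if (pw == "" || pw == "x" || pw == "*" || pw == "!" || pw == "!!")
                next
            print $1
        }'
}

# Constructed sample in getent format; the hash strings are fake.
sample_getent_output() {
    cat <<'EOF'
alice:x:1000:100:Alice:/home/alice:/bin/bash
bob:$6$constructed$notarealhash:1001:100:Bob:/home/bob:/bin/bash
carol:!$6$constructed$lockedbutvisible:15664:0:99999:7:::
dave:*:15664:0:99999:7:::
EOF
}

# On a live client:
#   { getent passwd; getent shadow; } | exposed_hash_accounts | sort -u
sample_getent_output | exposed_hash_accounts
```

A locked entry such as `!$6$...` is still reported, because the hash itself remains readable through NSS.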