[nssldap] how disable shadow map
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
[nssldap] how disable shadow map
- From: "Brian J. Murrell" <brian [at] interlinx.bc.ca>
- To: nssldap [at] padl.com
- Subject: [nssldap] how disable shadow map
- Date: Wed, 21 Oct 2009 11:25:48 -0400
Hi,
I want to disable the shadow map, and specifically, stop the passwd map
from returning "x" in the password field. I use kerberos for
authentication here and thus have no use for shadow, and having the "x"
in the passwd map without a shadow map screws up pam_unix as it thinks
that shadow information should be available and kacks when it cannot
find it.
I noticed from a quick browse of the code:
if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
{
/* don't include password for shadowAccount */
if (buflen < 3)
return NSS_TRYAGAIN;
pw->pw_passwd = buffer;
strcpy (buffer, "x");
buffer += 2;
buflen -= 2;
}
else
{
stat =
_nss_ldap_assign_userpassword (e, ATM (LM_PASSWD, userPassword),
&pw->pw_passwd, &buffer, &buflen);
if (stat != NSS_SUCCESS)
return stat;
}
but given that I have no "nss_map_objectclass shadowAccount ..." lines
in my /etc/ldap.conf file, I must be running into some default behaviour
I need to override.
Or maybe I am just barking completely up the wrong tree.
Thots?
b.
- [nssldap] how disable shadow map,
Brian J. Murrell