[nssldap] how disable shadow map

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "Brian J. Murrell" <brian [at] interlinx.bc.ca>
To: nssldap [at] padl.com
Subject: [nssldap] how disable shadow map
Date: Wed, 21 Oct 2009 11:25:48 -0400

Hi,

I want to disable the shadow map, and specifically, stop the passwd map
from returning "x" in the password field.  I use kerberos for
authentication here and thus have no use for shadow, and having the "x"
in the passwd map without a shadow map screws up pam_unix as it thinks
that shadow information should be available and kacks when it cannot
find it.

I noticed from a quick browse of the code:

if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
  {
      /* don't include password for shadowAccount */
      if (buflen < 3)
        return NSS_TRYAGAIN;

      pw->pw_passwd = buffer;
      strcpy (buffer, "x");
      buffer += 2;
      buflen -= 2;
    }
  else
    {
      stat =
        _nss_ldap_assign_userpassword (e, ATM (LM_PASSWD, userPassword),
                                       &pw->pw_passwd, &buffer, &buflen);
      if (stat != NSS_SUCCESS)
        return stat;
    }

but given that I have no "nss_map_objectclass shadowAccount ..." lines
in my /etc/ldap.conf file, I must be running into some default behaviour
I need to override.

Or maybe I am just barking completely up the wrong tree.

Thots?
b.

[nssldap] how disable shadow map, Brian J. Murrell

Re: [nssldap] how disable shadow map, Douglas E. Engert

<Possible follow-ups>
[nssldap] how disable shadow map, Brian J. Murrell
- Re: [nssldap] how disable shadow map, Buchan Milne
  - Re: [nssldap] how disable shadow map, Guillaume Rousse

Prev by Date: [nssldap] Does nss_ldap support user/group name mangling?
Next by Date: [nssldap] how disable shadow map
Previous by thread: [nssldap] Does nss_ldap support user/group name mangling?
Next by thread: Re: [nssldap] how disable shadow map