Re: [nssldap] Re: Re: how disable shadow map

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "Douglas E. Engert" <deengert [at] anl.gov>
To: "Brian J. Murrell" <brian [at] interlinx.bc.ca>
Cc: nssldap [at] padl.com
Subject: Re: [nssldap] Re: Re: how disable shadow map
Date: Mon, 26 Oct 2009 09:50:22 -0500



Brian J. Murrell wrote:

On Fri, 2009-10-23 at 20:16 -0700, Paul B. Henson wrote:

Sorry, I wasn't paying attention to the beginning of this thread, so I
don't recall what OS you're using. Linux variants of pam_unix support the
"broken_shadow" option:

       broken_shadow
           Ignore errors reading shadow information for users in the
           account management module.

Which I think will do exactly what you want, if you're running Linux.


Indeed, it does and I tested that before posting.  But my distro
(Ubuntu) maintainer reports that not having shadow map entries when the
password is "x" is just broken (which given what I have read, I agree)
and I tend to think they will likely refuse to use such hacks and insist
that the breakage be fixed instead.


Well then set the userPassword attributes to "{crypt}NP"
as I described on 10/21. pam_unix will not complain,
and since you are using pam_krb5 for authentication this works
fine with our Ubuntu systems.


I'm starting to feel like I'm pissing up a rope with regard to the basic
bug here though.

b.


--

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444

[nssldap] Re: how disable shadow map, (continued)

Prev by Date: Re: [nssldap] Mega patch against nss_ldap 264
Next by Date: [nssldap] Re: Re: Re: how disable shadow map
Previous by thread: Re: [nssldap] Re: Re: how disable shadow map
Next by thread: [nssldap] Re: Re: Re: how disable shadow map