Re: [nssldap] Re: Re: how disable shadow map
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] Re: Re: how disable shadow map
- From: "Douglas E. Engert" <deengert [at] anl.gov>
- To: "Brian J. Murrell" <brian [at] interlinx.bc.ca>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] Re: Re: how disable shadow map
- Date: Mon, 26 Oct 2009 09:50:22 -0500
Brian J. Murrell wrote:
On Fri, 2009-10-23 at 20:16 -0700, Paul B. Henson wrote:
Sorry, I wasn't paying attention to the beginning of this thread, so I
don't recall what OS you're using. Linux variants of pam_unix support the
"broken_shadow" option:
broken_shadow
Ignore errors reading shadow information for users in the
account management module.
Which I think will do exactly what you want, if you're running Linux.
Indeed, it does and I tested that before posting. But my distro
(Ubuntu) maintainer reports that not having shadow map entries when the
password is "x" is just broken (which given what I have read, I agree)
and I tend to think they will likely refuse to use such hacks and insist
that the breakage be fixed instead.
Well then set the userPassword attributes to "{crypt}NP"
as I described on 10/21. pam_unix will not complain,
and since you are using pam_krb5 for authentication this works
fine with our Ubuntu systems.
I'm starting to feel like I'm pissing up a rope with regard to the basic
bug here though.
b.
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
- [nssldap] Re: how disable shadow map, (continued)
[nssldap] [solved] how disable shadow map,
Brian J. Murrell