[Date Prev][Date Next] [Chronological] [Thread] [Top]

SASL and PAM based password changing

To: OpenLDAP-Software <openldap-software@OpenLDAP.org>
Subject: SASL and PAM based password changing
From: Shanker Balan <shanu@exocore.com>
Date: Sat, 2 Feb 2002 12:53:54 +0530
Content-disposition: inline
Organisation: Exocore Consulting (P) Ltd <http://www.exocore.com>
User-agent: Mutt/1.3.27i

Hello:

I got SASL going with OpenLDAP. How is password changing to be handled
when the passwords are being stored in sasldb?

Currently, I have "pam_password exop" set in my pam_ldap.conf:

# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop


And in slapd.conf, "password-hash {crypt}" is commented out:

#The <hash> to use for userPassword generation.
#password-hash   {crypt}


Despite this, the userPassword attribute ends up with a {SSHA} password
if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
using OpenLDAP extended operation for changing passwords, but OpenLDAP
seems to be using its default hashing algo (SSHA) and not honoring the
{SASL} of the entry.

Any help appreciated.

-- Shanu

-- 
Today when a man gets married he gets a home, a housekeeper, a cook, a
cheering squad and another paycheck.  When a woman marries, she gets a
boarder.

Follow-Ups:
- Re: SASL and PAM based password changing
  - From: Norbert Klasen <norbert.klasen@daasi.de>

Prev by Date: Search using indexed attributtes
Next by Date: LDAP-ADD client program!!!
Index(es):
- Chronological
- Thread