[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5983) ldappasswd returns "Additional info: password hash failed" in Solaris 10 SPARC

so I finally found what's the problem.

I run openldap in chroot. In Solaris, function lutil_entropy() uses 
/dev/urandom (if configure script finds it which is my case) to generate 
random strings for salt. Since in chroot it was not able to open 
/dev/urandom since it was not existent in chroot jail and there is no 
any error message loged in the lutil_entropy() when open() returns value 
<0. it simply returns up to calling function. Once I mknod dev/urandom 
in chroot everything started to work properly.

So it is definately not the bug nor is it compiler flaw.

Not sure if it's required by coding standards but I would log some 
informative message if function fails to open a device apart from very 
generic "implementation specific" message.

Thanks all for help,


ando@sys-net.it wrote:
> mariusp44@gmail.com wrote:
>> sorry, if I was misunderstood. I am not asking to do my legwork. Just 
>> trying to understand what is going wrong. Sorry, if it seemed that way.
>> I installed Sun Studio 12 (latest) and the problem is the same. I don't 
>> think Sun Studio is not working compiler. Just looks very unlikely. IT 
>> compiles everything without single problem. both 32 and 64 bit memory 
>> models.
>> Perhaps I was not entirely clear. Weird thing is that it is only not 
>> working when changing password using ldappasswd and hash is set to SMD5 
>> SSHA or CRYPT. If I manually change the password setting userPassword 
>> after generating it with slappasswd using say SSHA, it works fine. I 
>> mean user can bind using password that is stored in SSHA or SMD5. That 
>> tells me that slapd can still do encryption properly and check against 
>> hashes in question. At some point it needs to generate a hash and does 
>> it properly. Only when slapd is asked to change a password with 
>> ldappasswd it is unable to generate proper hash. Unless process is 
>> entirely different when changing password and authorizing against password.
>> I am not insisting it is a bug in slapd code. But I am running out of 
>> ideas what else could be wrong and was just hoping that somebody else is 
>> using openldap on the same architecture and perhaps experienced 
>> something similar.
> Since no one else is seeing the problem, I already recommended that you 
> step in the (non-optimized) code with a debugger and see why this 
> happens.  The right place to start is slap_passwd_hash_type(), whose 
> failure is setting the error message you see.
> p.
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> http://www.sys-net.it
> -----------------------------------
> Office:  +39 02 23998309
> Mobile:  +39 333 4963172
> Fax:     +39 0382 476497
> Email:   ando@sys-net.it
> -----------------------------------