[Date Prev][Date Next]
Re: (ITS#5983) ldappasswd returns "Additional info: password hash failed" in Solaris 10 SPARC
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#5983) ldappasswd returns "Additional info: password hash failed" in Solaris 10 SPARC
- From: email@example.com
- Date: Tue, 10 Mar 2009 05:25:58 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
so I finally found what's the problem.
I run openldap in chroot. In Solaris, function lutil_entropy() uses
/dev/urandom (if configure script finds it which is my case) to generate
random strings for salt. Since in chroot it was not able to open
/dev/urandom since it was not existent in chroot jail and there is no
any error message loged in the lutil_entropy() when open() returns value
<0. it simply returns up to calling function. Once I mknod dev/urandom
in chroot everything started to work properly.
So it is definately not the bug nor is it compiler flaw.
Not sure if it's required by coding standards but I would log some
informative message if function fails to open a device apart from very
generic "implementation specific" message.
Thanks all for help,
> firstname.lastname@example.org wrote:
>> sorry, if I was misunderstood. I am not asking to do my legwork. Just
>> trying to understand what is going wrong. Sorry, if it seemed that way.
>> I installed Sun Studio 12 (latest) and the problem is the same. I don't
>> think Sun Studio is not working compiler. Just looks very unlikely. IT
>> compiles everything without single problem. both 32 and 64 bit memory
>> Perhaps I was not entirely clear. Weird thing is that it is only not
>> working when changing password using ldappasswd and hash is set to SMD5
>> SSHA or CRYPT. If I manually change the password setting userPassword
>> after generating it with slappasswd using say SSHA, it works fine. I
>> mean user can bind using password that is stored in SSHA or SMD5. That
>> tells me that slapd can still do encryption properly and check against
>> hashes in question. At some point it needs to generate a hash and does
>> it properly. Only when slapd is asked to change a password with
>> ldappasswd it is unable to generate proper hash. Unless process is
>> entirely different when changing password and authorizing against password.
>> I am not insisting it is a bug in slapd code. But I am running out of
>> ideas what else could be wrong and was just hoping that somebody else is
>> using openldap on the same architecture and perhaps experienced
>> something similar.
> Since no one else is seeing the problem, I already recommended that you
> step in the (non-optimized) code with a debugger and see why this
> happens. The right place to start is slap_passwd_hash_type(), whose
> failure is setting the error message you see.
> Ing. Pierangelo Masarati
> OpenLDAP Core Team
> SysNet s.r.l.
> via Dossi, 8 - 27100 Pavia - ITALIA
> Office: +39 02 23998309
> Mobile: +39 333 4963172
> Fax: +39 0382 476497
> Email: email@example.com