
Re: OpenLDAP and PAM, does passwd change passes?

On Tue, 3 Apr 2001, Jason Hammerschmidt wrote:

> The real question...
> If I change my password (say using passwd on the local system), will PAM (or
> other mechanisms) change the LDAP passwords?  (I no longer have a working
> LDAP server to try out with).
	Yes! You can configure PAM to use pam_ldap, thus accessing LDAP.

> Other questions that bug me right now...
> The password in OpenLDAP is not stored in an encrypted form right?
	No, it's not right! You can configure which cipher to use, or
simply plain text.

> So you have to tightly secure the box so no one grabs the local system's LDAP
> database files or you're messed right?
	Even after what I said before, this time you're right.
You can't afford to lose your passwords even if they are encrypted ;)

> If authenticating on box A setup to use authentication via LDAP on box B, is
> the network chatter between the boxes encrypted?
	Only if you use SSL! You can configure pam_ldap from box A to
access via ldaps (ldap over SSL) to box B.

> Anyone have smart ideas on using separate password files and schemas from
> separate programs and somehow have what seems to be a unified password
> change?  The best I can think of is to write a CGI, have it call a shell
> script that changes each password file separately, and enforce a policy that
> you only change your pass via that CGI.
	I don't know exactly the behavior of the LDAP server with respect to
concurrency at password changes. Could someone answer that?
	But if there's no problem, you can use the LDAP server and change
your password wherever you log in (assuming that you have several boxes
authenticating users through the LDAP server).

> What's the price of tea in China?
	I'm from the opposite side of the world, but my wild guess is that
it would be cheap... :)

	Paulo Matos
 ----------------------------------- ----------------------------------
|Sys & Net Admin                    | Serviço de Informática           |
|Faculdade de Ciências e Tecnologia | Tel: +351-21-2941346             |
|Universidade Nova de Lisboa        | Fax: +351-21-2948548             |
|P-2825-114 Caparica                | e-Mail: pjsm@fct.unl.pt          |
 ----------------------------------- ----------------------------------
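
An added illustration of the password storage question answered above (not part of the original message): OpenLDAP marks a hashed userPassword value with a scheme prefix such as {SSHA}, while a value with no prefix is plain text. The Python code below uses constructed entries and hypothetical function names to classify stored values and to verify a password against the {SHA} and {SSHA} forms.

```python
import base64
import hashlib
import hmac
import os

def make_hashed(password, salt=None):
    """{SSHA} = base64(SHA1(password + salt) + salt); an empty salt gives {SHA}."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    scheme = "{SSHA}" if salt else "{SHA}"
    return scheme + base64.b64encode(digest + salt).decode()

def classify(value):
    """Classify a userPassword value by its {SCHEME} prefix."""
    if not value.startswith("{") or "}" not in value:
        return "cleartext"          # no prefix: stored as typed
    scheme = value[1:value.index("}")].upper()
    if scheme == "CLEARTEXT":
        return "cleartext"
    if scheme in ("SHA", "MD5"):
        return "unsalted"
    if scheme in ("SSHA", "SMD5"):
        return "salted"
    return "other"                  # e.g. {CRYPT}, not decoded here

def check_password(value, candidate):
    """Verify a candidate against a cleartext, {SHA} or {SSHA} value."""
    if classify(value) == "cleartext":
        stored = value[11:] if value.upper().startswith("{CLEARTEXT}") else value
        return hmac.compare_digest(stored.encode(), candidate.encode())
    scheme, b64 = value[1:].split("}", 1)
    if scheme.upper() not in ("SHA", "SSHA"):
        raise ValueError("scheme not handled in this example: " + scheme)
    raw = base64.b64decode(b64)
    digest, salt = raw[:20], raw[20:]   # SHA-1 digest is 20 bytes; the rest is salt
    return hmac.compare_digest(hashlib.sha1(candidate.encode() + salt).digest(), digest)

# Constructed sample entries (not taken from any real directory).
SAMPLE = {
    "uid=alice": make_hashed("correct horse"),
    "uid=bob": make_hashed("hunter2", salt=b""),
    "uid=carol": "plaintextpw",
}

def audit(entries):
    """Map each DN to its storage class so weak entries can be rehashed."""
    return {dn: classify(v) for dn, v in entries.items()}

if __name__ == "__main__":
    for dn, kind in audit(SAMPLE).items():
        print(dn, kind)
```

Entries reported as cleartext or unsalted are the ones to rehash first, since they are the most exposed if the database files are copied.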