[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: 'pam_password exop' problems

To: John Dalbec <jpdalbec@cc.ysu.edu>
Subject: Re: 'pam_password exop' problems
From: Andreas Hasenack <andreas@conectiva.com.br>
Date: Wed, 29 Aug 2001 13:13:27 -0300
Cc: openldap-software@OpenLDAP.org
Content-disposition: inline
In-reply-to: <3B8D1008.824DEF70@cc.ysu.edu>; from jpdalbec@cc.ysu.edu on Wed, Aug 29, 2001 at 11:53:44AM -0400
References: <3B8D1008.824DEF70@cc.ysu.edu>
User-agent: Mutt/1.3.17i

Em Wed, Aug 29, 2001 at 11:53:44AM -0400, John Dalbec escreveu:

(...)

>   0000:  30 2b 02 01 06 78 26 0a  01 35 04 00 04 1f 75 73   0+...x&..5....us  
>   0010:  65 20 62 69 6e 64 20 74  6f 20 76 65 72 69 66 79   e bind to verify  
>   0020:  20 6f 6c 64 20 70 61 73  73 77 6f 72 64             old password     

(...)

> Do I just need to update pam_ldap.so?

I reported this to the pam_ldap list, but it seems it's not in the latest
releases (but I could be wrong, I haven't updated for a while now). 
pam_ldap is supplying the old password during the exop, it shouldn't.
The bind step is sufficient to verify the old password.

Here is what I did to may pam_ldap and it worked fine ever since using exop:

--- pam_ldap-118/pam_ldap.c~	Tue Jun 26 20:29:20 2001
+++ pam_ldap-118/pam_ldap.c	Wed Jun 27 17:52:58 2001
@@ -2190,7 +2190,7 @@
       ber_printf (ber, "{");
       ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_ID,
 		  session->info->userdn);
-      ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);
+/*      ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_OLD, old_password);*/
       ber_printf (ber, "ts", LDAP_TAG_EXOP_X_MODIFY_PASSWD_NEW, new_password);
       ber_printf (ber, "N}");

References:
- 'pam_password exop' problems
  - From: John Dalbec <jpdalbec@cc.ysu.edu>

Prev by Date: 'pam_password exop' problems
Next by Date: Re: authentication
Index(es):
- Chronological
- Thread