SASL and PAM based password changing


I got SASL going with OpenLDAP. How is password changing to be handled
when the passwords are being stored in sasldb?

Currently, I have "pam_password exop" set in my pam_ldap.conf:

# Use the OpenLDAP password change
# extended operation to update the password.
pam_password exop

And in slapd.conf, "password-hash {crypt}" is commented out:

#The <hash> to use for userPassword generation.
#password-hash   {crypt}

Despite this, the userPassword attribute ends up with a {SSHA} password
if passwords are changed using PAM (/usr/bin/passwd). pam_ldap is
using the OpenLDAP extended operation for changing passwords, but OpenLDAP
seems to be using its default hashing algo (SSHA) and not honoring the
{SASL} of the entry.

Any help appreciated.

-- Shanu

Today when a man gets married he gets a home, a housekeeper, a cook, a
cheering squad and another paycheck.  When a woman marries, she gets a