[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and PAM based password changing

To: Shanker Balan <shanu@exocore.com>, OpenLDAP-Software <openldap-software@OpenLDAP.org>
Subject: Re: SASL and PAM based password changing
From: Norbert Klasen <norbert.klasen@daasi.de>
Date: Thu, 07 Feb 2002 14:38:43 +0100
Content-disposition: inline
In-reply-to: <20020202072354.GB3124@exocore.com>
References: <20020202072354.GB3124@exocore.com>

--On Samstag, 2. Februar 2002 12:53 +0530 Shanker Balan <shanu@exocore.com> wrote:

Hello:

I got SASL going with OpenLDAP. How is password changing to be handled
when the passwords are being stored in sasldb?


With saslpasswd. OpenLDAP doesn't propagate password changes.

And in slapd.conf, "password-hash {crypt}" is commented out:

# The <hash> to use for userPassword generation.
# password-hash   {crypt}

Despite this, the userPassword attribute ends up with a {SSHA} password
if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
using OpenLDAP extended operation for changing passwords, but OpenLDAP
seems to be using its default hashing algo (SSHA) and not honoring the
{SASL} of the entry.

Well, if you don't specify an option, its default value should be used, shouldn't it?

--
Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de

Follow-Ups:
- Re: SASL and PAM based password changing
  - From: Shanker Balan <shanu@exocore.com>

References:
- SASL and PAM based password changing
  - From: Shanker Balan <shanu@exocore.com>

Prev by Date: Re: Support of Kerberos V5 safe and private messages for LDAP
Next by Date: Re: Search all attributes
Index(es):
- Chronological
- Thread