[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SASL and PAM based password changing

--On Samstag, 2. Februar 2002 12:53 +0530 Shanker Balan <shanu@exocore.com> wrote:


I got SASL going with OpenLDAP. How is password changing to be handled
when the passwords are being stored in sasldb?

With saslpasswd. OpenLDAP doesn't propagate password changes.

And in slapd.conf, "password-hash {crypt}" is commented out:

# The <hash> to use for userPassword generation.
# password-hash   {crypt}

Despite this, the userPassword attribute ends up with a {SSHA} password
if passwords are changed using PAM (/usr/bin/passwd). The pam_ldap is
using OpenLDAP extended operation for changing passwords, but OpenLDAP
seems to be using its default hashing algo (SSHA) and not honoring the
{SASL} of the entry.

Well, if you don't specify an option, its default value should be used, shouldn't it?

Norbert Klasen, Dipl.-Inform.
DAASI International GmbH                 phone: +49 7071 29 70336
Wilhelmstr. 106                          fax:   +49 7071 29 5114
72074 Tübingen                           email: norbert.klasen@daasi.de
Germany                                  web:   http://www.daasi.de