[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Users cannot change passwords

Sorry -- forgot to send to the list ...

In system-auth, I have the following:

password    required      /lib/security/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/pam_ldap.so use_first_pass
password    sufficient    /lib/security/pam_unix.so nullok use_authtok
md5 shadow use_first_pass
password    required      /lib/security/pam_deny.so

Notice in particular that pam_ldap comes before
pam_unix.  Does that change anything?


Tibbetts, Ric wrote:

I've been staring as this to long.

I have a new OpenLDAP server, running on Solaris 9. The clients are a combination of Solaris, and Redhat 8.0 & 9

Users can authenticate, and log into the clients just fine. But they cannot change their password.

Using the "passwd" command gets the following:

# > passwd
Changing password for <user>
passwd: Authentication token manipulation error
# >

Rather than try to quess at what config files to post, and clog up the list, I put up a quick web site with the relevant config files, and some specifics of software versions, and compile options, etc.

If anyone has a moment, could you take a look at it, and let me know what I missed?

The site is:


Thank you in advance.

NOTE: I can point these same clients to my other LDAP server (running on native Solaris Directory Server), and all works fine. The big difference in configuration between the two is the use of encrypted passwords. The Native Solaris Directory Server is NOT running with encrypted passwords, the OpenLDAP server is.
I suspect this problem to be related to that.

As always, any help will be greatly appreciated!