[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: anyone using Irix clients?

On Thu, 2003-07-31 at 14:22, Rigler, Steve wrote:
> Hi Greg,
> I've been testing Irix clients for a few months now.

thats good to hear...

> To get mine working I had to setup a proxyaccount with read access to
> userPassword attributes and configured the clients to bind with that
> account in /var/ns/ldap.conf.

I already have this set up, using it for all authentication on linux and
solaris. I can confirm that Irix binds with this proxy account, and
receives passwords (seen them on the wire and in the nsd maps).

> I also had to add to ldap.conf:
> regsub  USERPASSWORD{{crypt\}|{CRYPT\}}{}
> Other relevant entries (the only thing that's changed is the USERPASSWORD attribute):
> table           passwd.byname
> filter_lookup   (&(OBJECTCLASS=POSIXACCOUNT)(UID=%s))
> table           shadow.byname
> filter_lookup   (&(OBJECTCLASS=SHADOWACCOUNT)(UID=%s))
> require         USERPASSWORD

I've changed ldap.conf to look like this. and even changed passwd.byuid
to put in ** instead of the {crypt}<password>

> Check how the maps looks with nsadmin (ie nsadmin cat passwd).

they look good, as far as I can tell, altho the  shadow map contains
{crypt} or {CRYPT} before every password - is that right or should the
regsub strip that out?
# nsadmin match shadow abc
abc:{CRYPT}<crypted password>:::::::

many thanks


> -Steve

Greg Matthews
iTSS Wallingford	01491 692445