Re: pam_ldap and login
This is really a pam or pam_ldap issue, however, and this page might
point you in a better direction.
Mike Brodbelt wrote:
Using OpenLDAP 2.0.23, I've got an LDAP directory set up, and I've
installed pam_ldap and nss_ldap on the machine. I've fiddled with the
PAM config files so that su/login/ftp/ssh/cron/passwd all work as
expected, on information stored in LDAP, but I've got one outstanding
The local /etc/passwd contains the root user account - this is the way I
want it, so at least root can log in and do stuff if LDAP isn't working.
However, I can't get it working so that root and LDAP users can change
passwords. However I change the /etc/pam.d/passwd file, I can get either
LDAP password changing working, or local, but not both. I want it to
attempt to change the password in LDAP first, and then fall back to
local password changing if the user doesn't exist in LDAP, but it won't
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
You are missing "use_authtok".
About the above, I would probably have pam_unix before pam_ldap. What
order you have the two (pam_ldap and pam_unix) should be the same for
It might also be good to specify which Linux distribution and what
version you are using next time...
For a user in LDAP, but not in /etc/passwd:-
[fred@nunki fred]$ passwd
Enter login(LDAP) password:
Re-enter new password:
LDAP password information changed for fred
passwd: password updated successfully
[root@nunki pam.d]# passwd
passwd: Authentication information cannot be recovered
Any help would be much appreciated.
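
The check the reply points to ("You are missing use_authtok"), as an added example that is not part of the original thread: a small Python linter that reads a PAM password stack and flags a stacked pam_unix or pam_ldap line that does not carry use_authtok, the option that makes a module reuse the new password collected by the module above it instead of prompting again. The module set, the function names and the "every such line after the first" rule are assumptions of this example; SAMPLE is the two lines quoted in the message.

```python
import re

# Modules assumed (for this example) to honour use_authtok.
AUTHTOK_AWARE = {"pam_unix.so", "pam_ldap.so"}
# /etc/pam.d/<service> line: type control module [args]; control may be "[...]".
LINE_RE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed input: the two password lines quoted in the thread.
SAMPLE = """\
password sufficient pam_ldap.so
password required pam_unix.so nullok obscure min=4 max=8 md5
"""

def parse_password_stack(text):
    """Return (lineno, control, module, args) for each 'password' line."""
    stack = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(raw.split("#", 1)[0].strip())
        if m and m.group(1) == "password":
            module = m.group(3).rsplit("/", 1)[-1]  # drop /lib/security/ prefix
            stack.append((lineno, m.group(2), module, m.group(4).split()))
    return stack

def lint_password_stack(text):
    """Flag stacked modules that would prompt again instead of reusing the
    new password collected by the module above them."""
    findings = []
    for pos, (lineno, control, module, args) in enumerate(parse_password_stack(text)):
        if pos > 0 and module in AUTHTOK_AWARE and "use_authtok" not in args:
            findings.append((lineno, module, "missing use_authtok"))
    return findings

def module_order(text):
    """Order in which the password modules are tried."""
    return [module for _, _, module, _ in parse_password_stack(text)]

if __name__ == "__main__":
    print("order:", " -> ".join(module_order(SAMPLE)))
    for lineno, module, problem in lint_password_stack(SAMPLE):
        print(f"line {lineno}: {module}: {problem}")
```

Running module_order over each file in /etc/pam.d also shows whether pam_unix and pam_ldap are tried in the same order from one service to the next.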