[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: passwords disappear

To: "Bidwell, Matt" <Matt.Bidwell@nrel.gov>
Subject: Re: passwords disappear
From: Dan White <dwhite@olp.net>
Date: Fri, 10 Jun 2011 19:27:26 -0500
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Content-disposition: inline
In-reply-to: <F3F815C07462A840B98DAB83D0FE583533B862DE09@MAILBOX1.nrel.gov>
References: <F3F815C07462A840B98DAB83D0FE583533B862DE09@MAILBOX1.nrel.gov>
User-agent: Mutt/1.5.21 (2010-09-15)

On 10/06/11 17:56 -0600, Bidwell, Matt wrote:

If a user changes passwords on and ldap client machine, the shadow
entry disappears.  This is true for all hash methods except for
{CRYPT}.


Do you mean that the userPassword attribute disappears, or one of the
shadow* attributes? Or do you mean that you can no longer see the user with
'getent shadow' on the client system?

Clearly I would like {SSHA} or {MD5} over {CRYPT}.  The client machines
are pretty standard RHEL 5 machines. I have exop in the config on the
client. Setting the password on the LDAP server works correctly.  Running
the server in debug didn't make anything jump out at me. Anyone have any
ideas? Perhaps I'm missing an ACL I don't know about.


Can you reproduce the problem using ldappasswd on the client?

Can you provide (sanitized) examples of what good and bad ldap user entries
look like?

What pam/nss software are you running on the clients?

--
Dan White

References:
- passwords disappear
  - From: "Bidwell, Matt" <Matt.Bidwell@nrel.gov>

Prev by Date: passwords disappear
Next by Date: Re: Client App and STARTLS auth
Index(es):
- Chronological
- Thread