
Can't get MD5 hashed passwords on SUSE 9.0 box



Hi,

 

I’m pretty new to this, so I’m not sure whether I’m doing something daft or not. I have a newly installed SUSE 9.0 Linux machine with OpenLDAP set up and working well enough, except for one or possibly two problems (I’m not sure if they are separate or not). Whenever I change the password using passwd, I get a prompt asking for the LDAP login before I can change the password. If I give the right LDAP password, then I get the usual prompt (twice) to change the password. When doing this as root I don’t expect to get the LDAP login prompt, though one probably should when doing it as the relevant user (as root I’m using passwd <username>).

 

The bigger problem for me is that, having changed the user’s password, I find that instead of being stored in the md5crypt format that it was in when I initially set up the account and transferred it to the LDAP database, it is now in simple crypt format. My slapd.conf file initially contained

 

password-hash {crypt}
password-crypt-salt-format "$1$%.8s"

 

I changed this to just

 

Password-hash {md5}

 

But nothing changed.

 

The ldap.conf file has the line

 

pam_password md5

 

The pam configuration …

 

I started trying to set up each individual pam.d file for pam_ldap.so until I read in one of the SUSE files that the /etc/security/pam_unix2.conf file controls the operation. This is mine…

 

auth: use_ldap nullok
account: use_ldap
password: use_ldap md5 nullok
session: none

 

This doesn’t really stop the system from working – I can log in any user, but I have the odd side effect that it seems that the original passwd-file-based password and the new LDAP password both exist and work. I am concerned, however, that I am heading for a more difficult problem, because I am working towards setting up this machine as a Samba PDC and would suspect that when it comes to keeping passwords in sync I’m going to find it a lot easier if I can solve this problem.

 

I hope someone out there can shed some light on the reasons why this setup is not passing md5crypt or simply md5 hashed passwords to the LDAP database.

 

Thanks for reading

 

Damon
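
Added example, not part of the original message: a small Python check that reads LDIF output and reports which scheme each userPassword value is stored in, so md5crypt ({CRYPT} with a $1$ salt), traditional 13-character crypt and {MD5} can be told apart after a password change. The DNs and hash strings are constructed sample data, and the parser assumes unfolded LDIF lines.

```python
import base64
import re

def classify(value: str) -> str:
    """Name the storage scheme of one userPassword value."""
    m = re.match(r"\{([A-Za-z0-9-]+)\}(.*)", value, re.S)
    if not m:
        return "cleartext"                 # no {SCHEME} prefix at all
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme.lower()              # e.g. md5, smd5, sha, ssha
    if body.startswith("$1$"):
        return "md5crypt"                  # what the "$1$%.8s" salt format yields
    if re.fullmatch(r"[./0-9A-Za-z]{13}", body):
        return "des-crypt"                 # traditional 13-character crypt(3)
    return "crypt-other"

def audit(ldif: str) -> dict:
    """Map each DN to its password scheme. Assumes unfolded LDIF lines."""
    results, dn = {}, None
    for line in ldif.splitlines():
        if line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("userPassword:: "):   # base64-encoded value
            raw = base64.b64decode(line[15:]).decode("utf-8", "replace")
            results[dn] = classify(raw)
        elif line.startswith("userPassword: "):    # plain value
            results[dn] = classify(line[14:])
    return results

# Constructed sample entries (made-up DNs and hash strings, not from the post).
_md5 = "{MD5}" + base64.b64encode(bytes(16)).decode()
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=people,dc=example,dc=com",
    "userPassword: {CRYPT}$1$abcdefgh$0123456789abcdefghijkl",
    "",
    "dn: uid=bob,ou=people,dc=example,dc=com",
    "userPassword: {crypt}abJnggxhB/yWI",
    "",
    "dn: uid=carol,ou=people,dc=example,dc=com",
    "userPassword:: " + base64.b64encode(_md5.encode()).decode(),
])

if __name__ == "__main__":
    for entry, scheme in audit(SAMPLE_LDIF).items():
        print(f"{scheme:10} {entry}")
```

Entries reported as des-crypt are the ones that were rewritten in simple crypt format.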