
List:       fedora-directory-users
Subject:    [Fedora-directory-users] Root changing user password
From:       "Greg Copeland" <GCopeland () efjohnson ! com>
Date:       2006-10-26 15:04:34
Message-ID: 273A72C669F45B4996896A031B88CCEF3022F3 () EFJDFWMX01 ! EFJDFW ! local

I've quickly checked the archive and I can find people having trouble
with users changing their own password but not the other way around.
Here, users can change their own password without issue but root fails.
What do I need to do to allow root, using the passwd command on RHES 4,
to change user passwords?
 
I've tried setting rootbinddn in my /etc/ldap.conf file.  Without an
/etc/ldap.secret file, I observe an error in my logs, complaining about
the missing ldap.secret file.  When I create it, the error goes away but
the passwd command still fails with, "passwd: Authentication token
manipulation error".  In the logs I can observe, "passwd[23689]:
pam_ldap: error trying to bind (Invalid credentials)."  I've tried
placing the admin password in cleartext, and base64 in the ldap.secret
file.
 
Frankly, I'd rather root be prompted for the LDAP admin password than
the password be stored in a file anyways.  Is this possible?
 
Long of the short, what do I need to configure to allow root to change
other users' LDAP passwords?
 
 
 
Best Regards,
 
Greg Copeland
 
 
