[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pamldap
Subject:    Re: [pamldap] Revisited: Criteria for SHA userPassword
From:       "Andrew A. Raines" <drew () phg ! mc ! vanderbilt ! edu>
Date:       2003-05-02 21:33:39
[Download RAW message or body]

"Michael A. Dickerson" <mikey@cs.pomona.edu> writes:

> It sounds like probably pam_ldap is not working at all and you
> are only able to log in with nssldap, which is just reading the
> password field and not trying to bind--hence nssldap would be
> sensitive to your choice of hash.

This looks correct.  I didn't know nss would take over if PAM was
failing--especially with a PAM-enabled OpenSSH.

> Are you using simple binds, or SASL?  Can you bind using some
> other client tool such as ldapsearch?

Simple auth.  (I haven't delved into the world of SASL yet.  Is it
worth the trouble?)

OK, an `ldapsearch -x -D dn -W' worked, so I suspect you're
suspicion is right.  I'm trying to rebuild OpenSSL right now, which
is what's keeping me from compiling a newer version of pam_ldap.

Thanks for the response.

-- 
Drew

[prev in list] [next in list] [prev in thread] [next in thread]