List: pamldap
Subject: Re: [pamldap] pam_ldap Old Authtoken lost after prelim
From: jehan.procaccia () int-evry ! Fr
Date: 2001-01-17 9:26:26
Mike Warne wrote:
>
> Hi,
> I have been trying to figure out why I can not change passwords.
>
> When I type the passwd command,
> I get prompted for the LDAP password.
> After authentication with LDAP, I get prompted for new password, and confirm
> password.
>
> Then it fails with Permission Denied.
>
> After tracing the pam_ldap.c code a little, I notice that during the
> preliminary phase, pam_set_item is called for the PAM_OLDAUTHTOK.
> On the next call to pam_sm_chauthtok, the call to pam_get_item() for
> PAM_OLDAUTHTOK comes back with curpass set to NULL!
>
> I am not sure if this is normal or not, but I suspect that this may be why
> the next call to _update_authtok (session, username, curpass, newpass,
> method) appears to fail with a return code of 9.
>
> Any thoughts or comments on what could be wrong here?
>
> Thanks,
> Mike Warne
> mwarne@pihana.com

My config might help:

My /etc/pam.d/password file looks like this:

#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so use_first_pass
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
password required /lib/security/pam_cracklib.so retry=3 type=LDAP debug
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_pwdb.so try_first_pass md5

and it works fine :-), but only with unix {crypt}, not with {md5}
passwords!?

pam_cracklib.so prompts for a new password (and checks the strength of the
password), then control is passed to pam_ldap.so, which uses the password
just typed (thanks to the use_authtok option), and that is "sufficient", I
guess!
--
Jehan Procaccia
Institut National des Telecommunications | Email : Jehan.Procaccia@int-evry.fr
9 rue Charles Fourier | Tel : +33 (0) 160764436
91011 Evry France | Fax : +33 (0) 160764321
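
The stack in the message above relies on an earlier password module (pam_cracklib.so) having set the new password before pam_ldap.so runs with use_authtok. The following is an added example, not part of the original message or of pam_ldap: a small Python check that parses a pam.d file and reports password modules given use_authtok with nothing stacked before them to supply the token. The names parse_pam and orphaned_use_authtok are hypothetical, and treating any password module without use_authtok as the one that prompts is a heuristic assumption.

```python
import re

# type, control (plain word or [bracketed]), module path, optional arguments
LINE_RE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Parse /etc/pam.d/<service> text into (type, control, module, args)."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        line = raw.split("#", 1)[0].strip()             # drop comments
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable PAM line: {raw!r}")
        mtype, control, module, args = m.groups()
        entries.append((mtype.lstrip("-"), control, module, args.split()))
    return entries

def orphaned_use_authtok(entries):
    """Password modules given use_authtok with no earlier module to set it."""
    findings, token_set = [], False
    for mtype, _control, module, args in entries:
        if mtype != "password":
            continue
        if "use_authtok" in args:
            if not token_set:
                findings.append(module)
        else:
            # Assumption (heuristic): a password module without use_authtok
            # prompts for the new password and stores it as PAM_AUTHTOK.
            token_set = True
    return findings

# The password stack from the message, with "debug" on the cracklib line.
GOOD_STACK = """#%PAM-1.0
auth sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_cracklib.so retry=3 type=LDAP debug
password sufficient /lib/security/pam_ldap.so use_authtok
password required /lib/security/pam_pwdb.so try_first_pass md5
"""
# Constructed variant: the cracklib line removed, so nothing sets the token.
BROKEN_STACK = "\n".join(l for l in GOOD_STACK.splitlines() if "cracklib" not in l)

if __name__ == "__main__":
    print("good:  ", orphaned_use_authtok(parse_pam(GOOD_STACK)))
    print("broken:", orphaned_use_authtok(parse_pam(BROKEN_STACK)))
```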