[PLUG] passwd hash when using openldap
Galen Seitz
galens at seitzassoc.com
Tue Jun 24 04:43:22 UTC 2008
I've got a CentOS 5 machine running with openldap for authentication.
It's mostly working, but I'm puzzled as to why passwords are being
saved in crypt form. I used authconfig to select ldap and md5, yet
when I use passwd to change a password the corresponding ldap entry
looks like userPassword: {crypt}... This is true regardless of
whether root or a normal user changes the password. Any ideas as to
what I'm doing wrong?
Also, I'm still not clear on the distinction between /etc/ldap.conf
and /etc/openldap/ldap.conf.
thanks,
galen
last line of /etc/ldap.conf:
pam_password md5
/etc/sysconfig/authconfig:
USEWINBINDAUTH=no
USEKERBEROS=no
USESYSNETAUTH=no
FORCESMARTCARD=no
USESMBAUTH=no
USESMARTCARD=no
USELDAPAUTH=yes
USEPASSWDQC=no
USEWINBIND=no
USESHADOW=yes
USEDB=no
USEHESIOD=no
USELDAP=yes
USEMD5=yes
USELOCAUTHORIZE=no
USECRACKLIB=yes
USENIS=no
/etc/pam.d/system-auth:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account required pam_unix.so broken_shadow
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
account required pam_permit.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
session optional pam_keyinit.so revoke
session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
session optional pam_ldap.so
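A check for the question raised above: given an LDIF export of the directory, report which storage scheme each userPassword actually uses, since a {crypt} prefix can hold MD5-crypt ($1$), SHA-crypt or traditional DES output. This is an added example, not code from the original post or from authconfig/pam_ldap; the sample LDIF entries and hash values are constructed.

```python
import base64
import re

# Constructed sample LDIF (not from the original post); the hash values are made up.
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\n"
    "userPassword: {crypt}$1$saltsalt$MbQpxFNHZ8n8bQ1g4w0sK/\n\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\n"
    # LDIF writes non-printable-safe values base64-encoded after '::'; this one is {crypt} + a 13-char DES hash
    "userPassword:: " + base64.b64encode(b"{crypt}abcdefghijklm").decode() + "\n\n"
    "dn: uid=carol,ou=People,dc=example,dc=com\n"
    "userPassword: {SSHA}c2FsdGVkLXNoYTEtZGlnZXN0K3NhbHQ=\n"
)

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.DOTALL)
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify_user_password(value):
    """Return a readable description of the storage scheme of one userPassword value."""
    m = SCHEME_RE.match(value)
    if not m:
        return "cleartext (no scheme prefix)"
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        return scheme  # e.g. MD5, SMD5, SHA, SSHA, CLEARTEXT
    # {crypt} only says "crypt(3) output"; the body's format decides the actual algorithm.
    for prefix, name in (("$1$", "MD5-crypt"), ("$5$", "SHA-256-crypt"), ("$6$", "SHA-512-crypt")):
        if body.startswith(prefix):
            return f"crypt: {name} ({prefix})"
    if DES_RE.match(body):
        return "crypt: traditional DES (13 chars, weak)"
    return "crypt: unrecognised format"


def audit_ldif(text):
    """Map each dn in an LDIF export to the classification of its userPassword attribute."""
    text = re.sub(r"\n ", "", text)  # unfold LDIF continuation lines
    result, dn = {}, None
    for line in text.splitlines():
        low = line.lower()
        if low.startswith("dn: "):
            dn = line[4:].strip()
        elif low.startswith("userpassword:: ") and dn:
            result[dn] = classify_user_password(base64.b64decode(line[15:].strip()).decode())
        elif low.startswith("userpassword: ") and dn:
            result[dn] = classify_user_password(line[14:].strip())
    return result
```

Run it against the output of an ldapsearch LDIF dump (as a privileged bind that can read userPassword) to see whether the server is storing the scheme you configured.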