From: Berk Gulenler
Organization: Bogazici University Computer Center
Date: Sun, 12 Oct 2008 15:12:49 +0300
To: freebsd-questions@freebsd.org
Subject: pam_ldap pam_password crypt option doesn't work...?

Hi,

I'm trying to authenticate users from OpenLDAP. In LDAP, the userPassword fields are crypted, so I'm trying to use the "pam_password crypt" option in ldap.conf. But in the LDAP log, the password data from the pam_ldap module is always in clear text.
What could be wrong? Thanks in advance.

ldap.conf

    host *host*
    base ou=people,dc=boun.edu.tr,o=BU
    ldap_version 3
    binddn cn=root,o=BU
    bindpw *password*
    port 389
    timelimit 30
    bind_timelimit 30
    pam_login_attribute uid
    pam_password crypt

Service conf file

    auth required /usr/local/lib/pam_ldap.so try_first_pass

I also tried the use_mapped_pass option, but it didn't work.

LDAP log

    ldap_read: want=60, got=60
    0000: 01 03 04 2c 75 69 64 3d 74 65 73 74 2e 74 65 73   ...,uid=test.tes
    0010: 74 31 2c 6f 75 3d 70 65 6f 70 6c 65 2c 64 63 3d   t1,ou=people,dc=
    0020: 62 6f 75 6e 2e 65 64 75 2e 74 72 2c 6f 3d 42 55   boun.edu.tr,o=BU
    0030: 80 0a 79 61 67 6c 69 65 6b 6d 65 6b               ..yagliekmek   [clear text password]
    ber_get_next: tag 0x30 len 66 contents:

pam_ldap version is 1.8.4
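
Added example, not part of the original post: a minimal BER decoder, run over the 60 bytes of the hex dump above, which shows that they are the tail of an LDAPv3 BindRequest (RFC 4511) using the simple authentication choice. The function names are hypothetical, and the byte string is copied from the dump.

```python
# The 60 bytes from the post's hex dump (ldap_read: want=60, got=60).
FRAGMENT = bytes.fromhex(
    "01 03 04 2c 75 69 64 3d 74 65 73 74 2e 74 65 73 "
    "74 31 2c 6f 75 3d 70 65 6f 70 6c 65 2c 64 63 3d "
    "62 6f 75 6e 2e 65 64 75 2e 74 72 2c 6f 3d 42 55 "
    "80 0a 79 61 67 6c 69 65 6b 6d 65 6b"
)

# RFC 4511 AuthenticationChoice tags inside a BindRequest.
AUTH_CHOICES = {0x80: "simple (password octets sent as-is)", 0xA3: "sasl"}

def read_length(buf, pos):
    """Return (length, next_pos) for a BER definite length at buf[pos]."""
    first = buf[pos]
    if first < 0x80:                       # short form: the byte is the length
        return first, pos + 1
    count = first & 0x7F                   # long form: next `count` bytes
    if count == 0 or pos + 1 + count > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + count], "big"), pos + 1 + count

def read_value(buf, pos):
    """Read a length-prefixed value starting at buf[pos]."""
    length, pos = read_length(buf, pos)
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return buf[pos:pos + length], pos + length

def decode_bind_tail(buf):
    """Parse version, bind DN and authentication choice.

    The dump begins just after the INTEGER tag (0x02) of `version`,
    so its first byte is that field's length.
    """
    version, pos = read_value(buf, 0)
    if buf[pos] != 0x04:                   # name is an OCTET STRING
        raise ValueError("expected OCTET STRING for the bind DN")
    name, pos = read_value(buf, pos + 1)
    auth_tag = buf[pos]
    credentials, pos = read_value(buf, pos + 1)
    return {
        "version": int.from_bytes(version, "big"),
        "dn": name.decode("utf-8"),
        "auth": AUTH_CHOICES.get(auth_tag, "unknown tag 0x%02x" % auth_tag),
        "credential_len": len(credentials),
        "trailing": len(buf) - pos,        # 0 means the fragment is complete
    }

if __name__ == "__main__":
    for key, value in decode_bind_tail(FRAGMENT).items():
        print(f"{key}: {value}")
```

Tag 0x80 is the `simple` choice, so the credential octets are the password itself. In pam_ldap the pam_password setting selects how a new password is encoded on a password change; it does not alter the bind, so protecting this exchange is a matter of TLS (`ssl start_tls` or ldaps) between client and server.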