Date: Tue, 2 Oct 2007 08:57:04 +0200
From: Jonathan McKeown <jonathan+freebsd-questions@hst.org.za>
To: "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: passwd(1) and LDAP (was Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?)
Message-ID: <200710020857.04541.jonathan%2Bfreebsd-questions@hst.org.za>
In-Reply-To: <20071001142854.I34346@arbitor.digitalfreaks.org>
References: <46FCDD68.6030901@zedat.fu-berlin.de> <200710010856.44860.jonathan@hst.org.za> <20071001142854.I34346@arbitor.digitalfreaks.org>

On Monday 01 October 2007 20:29, Brian A. Seklecki wrote:
> On Mon, 1 Oct 2007, Jonathan McKeown wrote:
> > The passwd(1) program was rewritten some time ago to use PAM, but a test
> > was left in which prevents it doing so. I have asked, both on this list
> > and on freebsd-hackers in the last few weeks, whether there is any reason
> > other than historical to leave this test in, and been deafened by the
> > silence. There are a couple of PRs either open or suspended regarding
> > this issue.
> >
> > I diked out the whole switch statement and replaced it with a single
> > printf, and it works for changing LDAP passwords. I haven't thoroughly
> > tested to see if it causes any other problems.
>
> Does it log in as the LDAP user or the PAM super-user to do the attribute
> change? I'll check out the source...but that's great news.
> ~BAS

From what I remember you have to add some additional configuration in the
pam_ldap config file - pam_password exop seems to ring a bell - which tells
pam_ldap to use the RFC3062 Password Modify extended operation. I think it
does it as the user who owns the password so you need something like

    access to attrs=userPassword
        by self write
        by * auth

in slapd.conf.

I was actually fiddling with this to try and get pam_pGINA working: if anyone
has had any joy with that I'd be interested to hear about it.

Jonathan