Date: Mon, 1 Oct 2007 08:56:44 +0200
From: Jonathan McKeown <jonathan@hst.org.za>
To: freebsd-questions@freebsd.org
Cc: "O. Hartmann" <ohartman@zedat.fu-berlin.de>, "Brian A. Seklecki" <lavalamp@spiritual-machines.org>
Subject: passwd(1) and LDAP (was Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS, howto?)
Message-ID: <200710010856.44860.jonathan@hst.org.za>
In-Reply-To: <1190989759.2994.26.camel@new-host>
References: <46FCDD68.6030901@zedat.fu-berlin.de> <1190989759.2994.26.camel@new-host>

On Friday 28 September 2007 16:29, Brian A. Seklecki wrote:
> FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS
> (PKI).
>
> All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP,
> interactive shell, SFTP, etc.) can be tied into LDAP either directly or
> via PAM.
>
> As for password change, I don't know if anyone has a passwd(1) binary
> that properly changes the LDAP password attribute -- if there is and it's
> out there, it requires ACL insanity.

The passwd(1) program was rewritten some time ago to use PAM, but a test was
left in which prevents it doing so. I have asked, both on this list and on
freebsd-hackers in the last few weeks, whether there is any reason other than
historical to leave this test in, and been deafened by the silence. There are
a couple of PRs either open or suspended regarding this issue.

I diked out the whole switch statement and replaced it with a single printf,
and it works for changing LDAP passwords. I haven't thoroughly tested to see
if it causes any other problems.

Jonathan