passwd(1) and LDAP (was Re: FreeBSD 7.0, Open LDAP, PAM, TLS
and NSS, howto?)
Brian A. Seklecki
lavalamp at spiritual-machines.org
Mon Oct 1 11:29:40 PDT 2007
Does it log in as the LDAP user or the PAM super-user to do the attribute
change? I'll check out the source...but that's great news. ~BAS
On Mon, 1 Oct 2007, Jonathan McKeown wrote:
> On Friday 28 September 2007 16:29, Brian A. Seklecki wrote:
>> FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS
>> (PKI).
>>
>> All other services (RADIUS, Apache ((mod_ldap, mod_pam_auth), PHP,
>> interactive shell, SFTP, etc.) can be tied into LDAP either directly or
>> via PAM.
>>
>> As for password change, I don't know if anyone has a passwd(1) binary
>> that properly changes the LDAP password attribute -- if there is and its
>> out there, it requires ACL insanity.
>
> The passwd(1) program was rewritten some time ago to use PAM, but a test was
> left in which prevents it doing so. I have asked, both on this list and on
> freebsd-hackers in the last few weeks, whether there is any reason other than
> historical to leave this test in, and been deafened by the silence. There are
> a couple of PRs either open or suspended regarding this issue.
>
> I diked out the whole switch statement and replaced it with a single printf,
> and it works for changing LDAP passwords. I haven't thoroughly tested to see
> if it causes any other problems.
>
> Jonathan
>
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
"Guilty? Yeah. But he knows it. I mean, you're guilty.
You just don't know it. So who's really in jail?"
~Maynard James Keenan
More information about the freebsd-questions
mailing list