Scratching my head over passwd- >LDAP 2006-06-06 - By Collins, Kevin [MindWorks]
Back
Sorry, I was basing my input on a previous post that it wasn't working
under Solaris and my personal experience that it is not supported under
HP-UX. I did not say it didn't work, I said "I am not aware...".
Also, I initially tested and implemented LDAP in an RH9 environment and
it may be that it did not work at that time. From the current README for
pam_ldap on RHEL3 (/usr/share/doc/nss_ldap-207 (See http://dap-207.ora-code.com)/README.pam_ldap):
The advantages of this particular version are:
o Support for changing passwords in LDAP, optionally
with NDS or Active Directory servers
Since I work in a mixed environment, and we have our own password
filtering tool written in perl, I did not test it further on Linux.
Additionally, I am fully aware of the "password" entries in PAM - the
same exists on HP-UX, too, but it still doesn't work.
Kevin
-- --Original Message-- --
From: nahant-list-bounces@(protected)
[mailto:nahant-list-bounces@(protected)] On Behalf Of Sharpe, Sam J
Sent: Tuesday, June 06, 2006 4:27 PM
To: Red Hat Enterprise Linux 4 (Nahant) Discussion List
Cc: Discussion of Red Hat Enterprise Linux 3 (Taroon)
Subject: Re: Scratching my head over passwd->LDAP
On 6 Jun 2006, at 22:24, Collins, Kevin [MindWorks] wrote:
> I'm not aware of the traditional passwd command working anywhere
> with LDAP. Use 'ldappasswd'...
passwd is fully PAM enabled. A password change evokes the PAM
password service, which does whatever you configure it to do. In my
case that is attempt a Kerberos password change against AD, if not
fall back to an LDAPS password change.
To quote the PAM manpage:
" password - this group's responsibility is the task of
updating authen-
tication mechanisms. Typically, such services are
strongly
coupled to
those of the auth group. Some authentication mechanisms lend
themselves
well to being updated with such a function. Standard
UN*X
password-
based access is the obvious example: please enter a
replacement pass-
word."
Out of interest, what did you think this PAM directive was for?
Just because you don't know about it doesn't mean it can't happen...
Book a flight to London and I'll demo a password change on my Linux
workstation and Windows desktop for you ;o)
--
Sam
--
nahant-list mailing list
nahant-list@(protected)
https://www.redhat.com/mailman/listinfo/nahant-list
--
Taroon-list mailing list
Taroon-list@(protected)
https://www.redhat.com/mailman/listinfo/taroon-list
|
|
