[BBLISA] OpenDir, passwd, LDAP and Linux: Oh my!
Grant Young
grant at toaster-repair.com
Mon Dec 3 15:54:50 EST 2007
Perhaps the OpenDir is storing both hashes. One might be a MD5 hash,
for example, and the other would be a CRYPT hash. I don't think
there's a technical reason LDAP can't store multiple entries and the
default behavior of PAM might be to check all available.
On Dec 3, 2007, at 3:06 PM, Edward Ned Harvey wrote:
> Hi all. I have Apple Xserve with Open Dir running. I have
> presently ldap
> client running on linux for authentication. Here's the strange thing:
>
> When a user uses "passwd" in linux, changes his/her password, *both*
> the new
> and old password still work!
>
> I tried looking in /etc/{passwd,shadow,group,gshadow} to see if
> there's some
> new entry there. Nope.
>
> I tried rebooting the client. No change.
>
> I did not try rebooting the server (people using it.)
>
> I double-checked /etc/nsswitch.conf:
> passwd: files ldap
> shadow: files ldap
> group: files ldap
>
> And here's one more clue:
> Suppose my initial password is pass1
> And then I change password to pass2. Now "pass1" and "pass2" both
> work.
> And then I change password to pass3. Now "pass1" and "pass3" both
> work, but not "pass2"
>
> Any suggestions?
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
More information about the bblisa
mailing list