Perhaps the OpenDir is storing both hashes. One might be an MD5 hash,
for example, and the other would be a CRYPT hash. I don't think
there's a technical reason LDAP can't store multiple entries and the
default behavior of PAM might be to check all available.
On Dec 3, 2007, at 3:06 PM, Edward Ned Harvey wrote:
Hi all. I have Apple Xserve with Open Dir running. I have presently ldap
client running on linux for authentication. Here's the strange thing:
When a user uses "passwd" in linux, changes his/her password, *both* the
new and old password still work!
I tried looking in /etc/{passwd,shadow,group,gshadow} to see if there's
some new entry there. Nope.
I tried rebooting the client. No change.
I did not try rebooting the server (people using it.)
I double-checked /etc/nsswitch.conf:
passwd: files ldap
shadow: files ldap
group: files ldap
And here's one more clue:
Suppose my initial password is pass1
And then I change password to pass2. Now "pass1" and "pass2" both work.
And then I change password to pass3. Now "pass1" and "pass3" both work,
but not "pass2"
Any suggestions?
_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa