Buchan Milne wrote:
Scott, please file a bug on this so we can track it.
  

   I would love to, but same old story...

   I haven't been able to file a bug report through bugzilla @ qa.mandrakesoft.com for over 8 months now, with several messages sent to [EMAIL PROTECTED], warly, as well as copying to cooker list, (hoping to get someone's attention) - oh, well...

Please note that some issues are affected by certificate validation
issues, I am currently running some cooker boxes without ssl in
/etc/ldap.conf, and/or disabled cert validation.

[Vince, the cert validation issue also affects the openldap packages on
9.1. I mentioned this before, and I have discovered that the problem I
had attributed to TinyCA is a general problem with cert validation (in
the case you don't use self-signed certs). I will file a separate bug on
openldap, but I would like your input on it)]
  

   I am not running openldap with ssl (yet) so I haven't seen any of those types of issues.

  In cases where you have a system & ldap user (with same uid) the
system password is changed, when the ldap password should be changed
(not good)...  Any ideas?
    

Hmm, we don't have any local user accounts any more (everything is in
LDAP besides emergency accounts on boxes which don't allow local root
login).

Please upload a copy of your /etc/pam.d/system-auth file to your bug report.
  

   Done. (Actually I will copy what I tried to post to bugzilla. Expecting it wouldn't go, I saved a copy.)

   Thanks again!

   S


   Bug report:


Reporter: [EMAIL PROTECTED]
Product: pam_ldap
Version: 164-1mdk (current)


Text version:

  In cases where you have a system & ldap user (with same uid) the system password is changed, when the ldap password should have been changed (not good)...

Not sure exactly where the issue is, but pam_ldap-161-1.1mdk works (in conjunction) with both nss_ldap-204-1.1mdk & 207-1mdk.


Additional Info:
/etc/pam.d/system-auth
----------------------
#%PAM-1.0
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_ldap.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so
account     sufficient    /lib/security/pam_ldap.so

password    required      /lib/security/pam_cracklib.so retry=3 minlen=2 dcredit=0  ucredit=0 ucredit=0
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

/etc/pam.d/passwd
-----------------
#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_pwdb.so shadow nullok

account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_pwdb.so

password   required     /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
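
Added example, not part of the original message or of the pam_ldap package: a single-pass model of the PAM control flags, applied to the "password" lines of the two files quoted above, to show which modules each stack invokes. The module outcomes for a user present in both the local files and LDAP are assumptions, and parse, run_stack and DUAL_USER are hypothetical names.

```python
# Added example: model which modules a PAM "password" stack invokes.
# Simplified: real PAM runs this stack in two passes (prelim check, update).
SYSTEM_AUTH = """\
password    required      /lib/security/pam_cracklib.so retry=3 minlen=2 dcredit=0  ucredit=0 ucredit=0
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/pam_ldap.so use_authtok
password    required      /lib/security/pam_deny.so
"""
PASSWD = """\
password   required     /lib/security/pam_cracklib.so retry=3 minlen=4 dcredit=0 ucredit=0
password   sufficient   /lib/security/pam_ldap.so use_authtok
password   required     /lib/security/pam_pwdb.so use_authtok nullok md5 shadow
"""
# Assumed outcomes for a user that exists both locally and in LDAP.
DUAL_USER = {"pam_cracklib": True, "pam_unix": True, "pam_ldap": True,
             "pam_pwdb": True, "pam_deny": False}

def parse(text, mgmt="password"):
    """Return [(control, module_name)] for one management group."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mgmt:
            name = fields[2].rsplit("/", 1)[-1]
            stack.append((fields[1], name[:-3] if name.endswith(".so") else name))
    return stack

def run_stack(stack, outcome):
    """Apply required/requisite/sufficient semantics.

    outcome maps module name -> True (PAM_SUCCESS) or False (failure).
    Returns (stack_result, modules_invoked_in_order).
    """
    failed, invoked = False, []
    for control, module in stack:
        ok = outcome[module]
        invoked.append(module)
        if control == "requisite" and not ok:
            return False, invoked          # fail immediately
        if control == "required" and not ok:
            failed = True                  # fail later, keep going
        if control == "sufficient" and ok and not failed:
            return True, invoked           # success ends the stack here
    return not failed, invoked

if __name__ == "__main__":
    for name, text in (("system-auth", SYSTEM_AUTH), ("passwd", PASSWD)):
        print(name, run_stack(parse(text), DUAL_USER))
```

Under these assumptions the system-auth stack returns at pam_unix without invoking pam_ldap, while the passwd stack reaches pam_pwdb only when pam_ldap does not return success.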
