On Monday 01 October 2007 20:29, Brian A. Seklecki wrote: > On Mon, 1 Oct 2007, Jonathan McKeown wrote: > > The passwd(1) program was rewritten some time ago to use PAM, but a test > > was left in which prevents it doing so. I have asked, both on this list > > and on freebsd-hackers in the last few weeks, whether there is any reason > > other than historical to leave this test in, and been deafened by the > > silence. There are a couple of PRs either open or suspended regarding > > this issue. > > > > I diked out the whole switch statement and replaced it with a single > > printf, and it works for changing LDAP passwords. I haven't thoroughly > > tested to see if it causes any other problems. > > Does it log in as the LDAP user or the PAM super-user to do the attribute > change? I'll check out the source...but that's great news. ~BAS
From what I remember you have to add some additional configuration in the pam_ldap config file - pam_password exop seems to ring a bell - which tells pam_ldap to use the RFC3062 Password Modify extended operation. I think it does it as the user who owns the password so you need something like access to attrs=userPassword by self write by * auth in slapd.conf. I was actually fiddling with this to try and get pam_pGINA working: if anyone has had any joy with that I'd be interested to hear about it. Jonathan _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"