Erling Ringen Elvsrud writes:
> I have a (Open)LDAP directory currently used for authentication
> purposes on Linux systems. (...) I want users to be able to change
> their own password. (...) Without much study I have tried and
> currently /usr/bin/passwd stores the password in cleartext. I want to
> use SMD5.
I don't use PAM, but I think you put 'pam_password exop' in
pam_ldap.conf and 'password-hash {SMD5}' in slapd.conf.
The former should tell PAM to use the LDAP Password Modify Extended
Operation instead of plain Modify. The client still sends the password
in cleartext, but with this operation OpenLDAP slapd hashes it according
to the 'password-hash' directive, see man slapd.conf.
> If I add SAMBA support I have to update two passwords.
Use the smbk5pwd overlay, see contrib/slapd-modules/smbk5pwd/README in
the OpenLDAP source. It can intercept Password Modify operations and
update Samba password hashes too.
--
Regards,
Hallvard
---
You are currently subscribed to [email protected] as: [EMAIL PROTECTED]
To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the
SUBJECT of the message.
