> > I have a (Open)LDAP directory currently used for authentication
> > purposes on Linux systems. (...) I want users to be able to change
> > their own password. (...) Without much study I have tried and
> > currently /usr/bin/passwd stores the password in cleartext. I want to
> > use SMD5.
> I don't use PAM, but I think you put 'pam_password exop' in
> pam_ldap.conf and 'password-hash {SMD5}' in slapd.conf.Yes. > The former should tell PAM to use the LDAP Password Modify Extended > Operation instead of plain Modify. The client still sends the password > in cleartext, but with this operation OpenLDAP slapd hashes it according > to the 'password-hash' directive, see man slapd.conf. > > If I add SAMBA support I have to update two passwords. > Use the smbk5pwd overlay, see contrib/slapd-modules/smbk5pwd/README in > the OpenLDAP source. It can intercept Password Modify operations and > update Samba password hashes too. Yes. Works great.
signature.asc
Description: This is a digitally signed message part
--- You are currently subscribed to [email protected] as: [EMAIL PROTECTED] To unsubscribe send email to [EMAIL PROTECTED] with the word UNSUBSCRIBE as the SUBJECT of the message.
