Hopefully someone can help out. I am currently running OpenLDAP 2.4 with a 
provider and two consumers. I have a few Linux hosts and a few HP-UX hosts 
set up for authentication and sudo. For the most part everything works well. I 
actually have no issues with Linux hosts. On my HP-UX hosts, I have LDAP-UX 
integration set up. I am able to authenticate fine. Sudo also works well. My 
issue is when I set pwdReset=TRUE. Basically the HP-UX boxes just keep 
prompting for the password again, but never prompt for a new authtok. As 
part of the implementation on the HP-UX servers, I use pam_authz. I have the 
following entry set.

PAM_NEW_AUTHTOK_REQD:ldap_filter:(pwdReset=TRUE)

The way it should work is that it reads and finds that pwdReset is set to true 
and passes PAM_NEW_AUTHTOK_REQD. But instead I see this entry in the syslog 
file:

error: PAM: Authentication token manipulation error for userXYZ from serverXYZ

I take that as actually being PAM_AUTHTOK_ERR being returned.

I am not sure if anyone else has any experience with HP-UX LDAP-UX integration 
and getting it to work with OpenLDAP. I feel it is probably something trivial 
that I am overlooking. Any help would be appreciated.



