"Ellis, Mike" <[EMAIL PROTECTED]> > I turned on (authenticated) SELF-REGISTRATION of tokens in SRSS3.1b, > (which used to work fine in our old NIS+ environment) and was > half-expecting it to ALSO use the same pam.conf entries (as the main GUI > login and screensaver) to authenticate. > > For some reason I can't get the "self registration" to follow the > PAM.CONF rules... (it just keeps "FAILING" the authentication... It does > it VERY quickly, so I don't think it even looks in the right place for a > match.)
This sounds like bug 4826729. If the self-registration GUI can't retrieve the user's (encrypted) password then it won't authenticate the user. If your LDAP is set up so that the encrypted password is not visible then please escalate that bug, it's been brushed off for far too long. > Questions: > - Has anyone gotten authenticated self-registration to work with > OpenLDAP? > - Does self registration use pam.conf? It doesn't. That's the bug, it *should* use PAM. > - Which pam.conf entries does the "self registration" module use? > - How do I get the self registration-module to authenticate the > "token / userid-pw" pair the same way the rest of the > (SunRay/Solaris/dtlogin) environment does. Escalate the bug and request a patch. As a temporary workaround reconfigure LDAP to allow an application that is running as root to recover the user's encrypted password. Yes, it's less secure. OttoM. -- ottomeister Disclaimer: These are my opinions. I do not speak for my employer. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ SunRay-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/sunray-users
