Differences between version 15 and predecessor to the previous major change of LDAPAuthentication.
Other diffs: Previous Revision, Previous Author, or view the Annotated Edit History
Newer page: | version 15 | Last edited on Tuesday, January 13, 2004 6:08:49 pm | by PerryLorier | Revert |
Older page: | version 13 | Last edited on Tuesday, January 13, 2004 2:17:55 pm | by AlbanBrowaeys | Revert |
@@ -31,8 +31,9 @@
MAY rfc822MailMember
)
Seemed to work for me, or at least, it stopped the migration script from barfing halfway through.
+
Update: /etc/ldap/schema/rfc822.schema is a substract of /etc/ldap/schema/misc.schema . You can either use rfc822.schema as shown above or add:
include /etc/ldap/schema/misc.schema
atop the /etc/ldap/slapd.conf file. Then restart slapd.
@@ -148,9 +149,10 @@
The only "tweak" I made was to edit /etc/pam_ldap.conf to have the "pam_password" attribute set to "exop". In my experiementation I could only get the "clear", "crypt", and "exop" pam_password methods working. MD5 always failed. I think it might have had something to do with the way OpenLDAP & GQ were interacting when setting passwords encoded with MD5 tho. You might have better luck. Anyway when you use "pam_password exop" and then use passwd(1) to set your passwords in the LDAP directory they are stored encrypted using the very secure SSHA algorythm.
__Note:__ I think I discovered a bug in authconfig. If you run it multiple times it can bugger up you /etc/pam.d/system-auth file. It appears to append lines to the end of existing configurations. So you end up with lines like this:
- password sufficient /lib/security/pam_ldap.so use_authtokpassword
sufficient /lib/security/pam_ldap.so
+ password sufficient /lib/security/pam_ldap.so use_authtok
+ password
sufficient /lib/security/pam_ldap.so
This is bad. You need to make sure your system-auth file is properly setup. It should look like this:
auth required /lib/security/pam_env.so