[Fedora-directory-users] allowing users to change their own passwords (solaris 10)

Susan logastellus at yahoo.com
Fri Feb 24 14:03:48 UTC 2006


Yea, I checked that, it was already set correctly:

-bash-3.00# ls -l /var/ldap/*.db
-rw-r--r--   1 root     root       65536 Feb 22 09:45 /var/ldap/cert8.db
-rw-r--r--   1 root     root       32768 Feb 22 09:45 /var/ldap/key3.db
-rw-r--r--   1 root     root       32768 Feb 22 09:38 /var/ldap/secmod.db
-bash-3.00# ls -ld /var/ldap/
drwxr-xr-x   3 root     sys          512 Feb 22 09:49 /var/ldap/

and ldapsearch -Z works fine, as non-root.

The strange thing is that in the pam debug log, I see this:

Feb 24 08:52:03 unknown passwd[1227]: [ID 293258 user.warning] libsldap: Status: 91  Mesg: openConnection: failed to initialize TLS security (An I/O error occurred during security authorization.)
Feb 24 08:52:03 unknown passwd[1227]: [ID 292100 user.warning] libsldap: could not remove ldap-serv from servers list
Feb 24 08:52:03 unknown passwd[1227]: [ID 293258 user.warning] libsldap: Status: 7  Mesg: Session error no available conn.
Feb 24 08:52:03 unknown passwd[1227]: [ID 993883 user.debug] passwd_auth: __user_to_authenticate returned 13
Feb 24 08:52:03 unknown passwd[1227]: [ID 238438 auth.debug] PAM[1227]: pam_authenticate(29748, 0): error No account present for user
Feb 24 08:52:03 unknown passwd[1227]: [ID 285619 auth.debug] ldap pam_sm_authenticate(passwd test), flags = 0
Feb 24 08:52:03 unknown passwd[1227]: [ID 647000 auth.debug] ldap pam_sm_authenticate(passwd test), AUTHTOK not set
Feb 24 08:52:03 unknown passwd[1227]: [ID 238438 auth.debug] PAM[1227]: pam_authenticate(29748, 0): error Authentication failed

Several things stand out.  

1st, the TLS business.  If root works, why wouldn't non-root users work also??
2nd, what does it mean "error No account present for user"??  Is it trying to change local
password?  Even though I explicitly say passwd -r ldap ?
3rd, why is it trying to remove my fds server from some list and what is that list?

I'm thinking that before letting me change my password, it's trying to make me enter my current
password and bombs immediately: 

passwd_auth: __user_to_authenticate returned 13

So...  I'm kind of stuck here...

Thank you, guys.


--- George Holbert <gholbert at broadcom.com> wrote:

> Ah yes,
> 
> Check permission on /var/ldap/cert7.db and /var/ldap/key3.db.
> 
> They should be mode 644.
> 
> Pete Rowley wrote:
> > Susan wrote:
> >
> >> Why would it fail to initialize TLS security?  root works fine...  Is 
> >> there an env var I'm
> >> missing?
> >>
> >>  
> >>
> > Permissions for local files?  Try getting a TLS ldapsearch to work first.

