[Fedora-directory-users] PassSync and PAM Question

Sean Everson sean.everson at netronome.com
Fri Jun 22 21:30:29 UTC 2007


All,

I have successfully set up FDS1.04 on CentOS 4.4, with passSync-20060330.msi
on Windows 2003 Server by following the directions in the docs + howtos.
All traffic is running successfully over SSL in both directions.  I am able
to change my password on Windows and log in on Linux successfully.  I am able
to change my password on Linux via ldappasswd or via the Directory Console
successfully.  However, when I try to change my password via the standard
passwd command on a Linux client, the update causes an endless loop of
replication attempts.  It would appear that the passwd command is using
crypt to store the password in the directory.

My questions are:

1) Is my understanding correct that, in order for passSync to work, the
password encryption policy on the subtree used in the sync agreement has to
be set to "No encryption - CLEAR"?  Are there any other settings that would
work?

2) I have experimented with "pam_password exo" and "pam_password clear" in
/etc/ldap.conf, but crypt seems to be used regardless of the settings in
this file for hashing the password locally before sending it to the
directory server.  This causes an endless replication loop.

Does anyone have an example of an ldap.conf file that works with passSync
and allows the standard passwd command to work for password changes?

Thanks!

--Sean

Sean Everson
IT Manager
Netronome Systems, Inc.
sean.everson at netronome.com
 



