Re: pam_passwdqc ldap problems

On Tue, Aug 24, 2004 at 07:29:23PM -0400, Adams, Chris M, CTR,, DMDCWEST wrote:
> > You should have stacked pam_passwdqc after pam_dhkeys, not before.
> > And there should be no need for "ask_oldauthtok=update
> > check_oldauthtok" on your recent/patched Solaris 8 (it's almost
> > Solaris 9 in fact).
> Thanks for the info, although changing the order there didn't fix the
> problem.  When I took out the ask_oldauthtok=update check_oldauthtok, it
> went back to failing at the very end.  When I put them back in, it works
> just like before, even with the order swapped.  I don't think the ordering
> should matter in this case since pam_dhkeys is used for Diffie-Hellman keys
> and Secure RPC, which we aren't using.

Yes.  I should have been more explicit.  I think your main problem was
that you commented out the "passwd auth ..." line.  Please try the
exact 4 lines from my previous e-mail and let me know of your results.

> I had tried both scenarios listed in PLATFORMS, and since I have patch
> 108993-33, I originally commented out pam_authtok_get and pam_authtok_check,

That's correct.

> but had to use the ask_oldauthtok=update check_oldauthtok options to get it
> to work, so it's sort of a kludge of both scenarios.  

Hmm.  The "passwd auth ..." should have taken care of the old password

Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

