Re: RedHat Authentication and LDAP

> > Why is passwd asking for the user's old password?  Most times root
> > is changing the password because the user forgot it in the first
> > place.
> Because with LDAP, there's no "magic" that gives the root user write 
> access to the information.  Passwords get changed over LDAP, so you
> have to provide credentials no matter who you are.

Well, I found a solution.  Apparently not very well documented, there
is a /etc/ldap.secret file in which you can specify the password for
whatever user you specified in /etc/ldap.conf as the administrative
user.  Unfortunately, it's a plain text password.  It's recommended
to have the file set to 600 so that only root can read it.  Still
not happy with that, but I suppose if somebody has managed to get root
access you have bigger problems.

I'm going to create an administrative user with the permissions that
PAM requires to do its stuff and give it its own password.  That'll
work for me for the time being.

> > Also, I've noticed that /usr/sbin/useradd and /usr/sbin/userdel
> > don't operate on the LDAP directory, but on the /etc/passwd and
> > /etc/shadow.  Is this a misconfiguration on my part?

> I don't believe so.  I understand that you'll have to use LDAP
> specific tools.
> Try Directory Administrator:
>   http://diradmin.open-it.org/index.php

I appreciate the reference, but it's not going to work for me.  I
need something that's command line scriptable that can be tossed
into a perl/shell script.  I ended up just adding the useradd
functionality that I needed into my perl script.

Have Fun, Suffer and Survive, or Get Lost in the Net!

Mark Hoover
mahoover ispaceonline org
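An added example, not part of the original post: a small audit function for the /etc/ldap.secret arrangement described above. It assumes GNU stat, the nss_ldap/pam_ldap ldap.conf key rootbinddn naming the administrative bind user, and a default expected owner of root (the paths and owner are parameters so it can be run against copies).

```shell
#!/bin/sh
# Added example (not from the original post or from pam_ldap itself).
# Audits the plain-text root-bind secret: it is only worth anything if
# ldap.conf actually names a rootbinddn, and it must be unreadable by
# anyone but root.  Assumes GNU stat (-c) and the nss_ldap-style
# "rootbinddn" key.

# check_ldap_secret CONF SECRET [OWNER]
#   CONF   - ldap.conf to inspect (e.g. /etc/ldap.conf)
#   SECRET - secret file to inspect (e.g. /etc/ldap.secret)
#   OWNER  - expected owner, defaults to root
# Returns 0 when the setup is sound, prints a reason and returns 1 otherwise.
check_ldap_secret() {
    conf=$1
    secret=$2
    owner=${3:-root}

    # Without a rootbinddn in ldap.conf the secret file is never used.
    if ! grep -Eq '^[[:space:]]*rootbinddn[[:space:]]+' "$conf" 2>/dev/null; then
        echo "no rootbinddn in $conf: $secret would not be used"
        return 1
    fi

    [ -f "$secret" ] || { echo "missing $secret"; return 1; }

    mode=$(stat -c '%a' "$secret")
    fowner=$(stat -c '%U' "$secret")

    # Plain-text bind password: only the owner may read it (600 or 400).
    case "$mode" in
        600|400) ;;
        *) echo "$secret mode is $mode, expected 600"; return 1 ;;
    esac
    if [ "$fowner" != "$owner" ]; then
        echo "$secret owned by $fowner, expected $owner"
        return 1
    fi

    # pam_ldap reads the password from the first line; an empty file
    # silently degrades the privileged bind.
    if [ -z "$(head -n 1 "$secret")" ]; then
        echo "$secret is empty"
        return 1
    fi

    echo "ok: $secret readable only by $owner and rootbinddn is set"
    return 0
}

# Usage on a live system (as root):
#   check_ldap_secret /etc/ldap.conf /etc/ldap.secret
```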