LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 05-30-2005, 12:09 PM   #1
cyrilrip
LQ Newbie
 
Registered: May 2005
Distribution: fedora core 2
Posts: 3

Rep: Reputation: 0
password change over LDAP works only if TLS is disabled


I try to setup a linux server (fedora core 2, kernel 2.6.10) to use LDAP as
the password repository.
The LDAP server is local to the server, and I manage to authenticate any
user or change their password with the following /etc/ldap.conf file:

host 127.0.0.1
base ou=people,dc=.......
port 2389
pam_password clear
sslpath /var/db/cert7.db
ssl off

But when enabling TLS (I have "ssl start_tls" as the last line above instead
of "ssl off"), I can still authenticate any user (that is I can telnet to the server
and see the authentication occuring on the LDAP server) but trying to change their password (as root, with the passwd command) always fails with this error message:

Authentication token manipulation error

I don't think the problem is on the directory side since I can bind or search over
TLS using at least 2 different LDAP clients/browsers.
I don't think the problem is in the PAM configuration since it works with TLS disabled,
so I don't know where to search anymore, it looks like a bug to me.

Any help would be greatly appreciated .
 
Old 06-01-2005, 01:10 PM   #2
securehack
Member
 
Registered: Sep 2003
Location: United States
Distribution: Slackware 10.1, Debian 3.0, WinXProSP1, Fedora Core 3
Posts: 425

Rep: Reputation: 30
Didn't know much about your problem but googled it.

TAKEN FROM:
http://info.ccone.at/INFO/Mail-Archi.../msg00059.html
Quote:
> Gerhard,
>
> I have solved a problem I reported a long time ago about
> the following (user cannot change own password):
>
> passwd: Authentication token manipulation error
>
> The solution was simply to chmod +s /usr/bin/passwd
You can try that but I am not sure.

--Abid Kazmi

-=-EDIT-=-
Quote:
but trying to change their password (as root, with the passwd command) always fails
Didn't notice the root there. That seems to be a serious error with your passd and shdw files. Will go indepth later. At school and bell has rung.

Last edited by securehack; 06-01-2005 at 01:13 PM.
 
Old 06-02-2005, 01:26 AM   #3
cyrilrip
LQ Newbie
 
Registered: May 2005
Distribution: fedora core 2
Posts: 3

Original Poster
Rep: Reputation: 0
Hello Abid,

See my answers to your reply inlines ..


Quote:
Originally posted by securehack
Didn't know much about your problem but googled it.

TAKEN FROM:
http://info.ccone.at/INFO/Mail-Archi.../msg00059.html


You can try that but I am not sure.


I'd already googled a lot before posting that question, and thus I had already seen this
solution but since my /usr/bin/passwd file rights and ownership look OK (-r-s--x--x root root),
it's not the right solution in my case.

Moreover, in such a case, I think I would also have troubles changing the passwd over LDAP
without TLS enabled, which is not the case: just by adding a # at the beginning of the
"ssl start_tls line" in /etc/ldap.conf makes the whole thing works, while over TLS, I can't change
any passwd but can still authenticate (??!!...) .

Good luck at school anyway !




--Abid Kazmi

-=-EDIT-=-


Didn't notice the root there. That seems to be a serious error with your passd and shdw files. Will go indepth later. At school and bell has rung.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LDAP TLS lockups blueplazma Linux - Software 2 04-23-2005 01:48 PM
deleting LDAP user...password? blink_00 SUSE / openSUSE 3 02-21-2005 11:24 AM
How can I change e-mail password(or linux account password) with php in website?? yusuf Programming 1 05-28-2004 09:39 AM
IMAP works but IMAP TLS doesn't under PHP (Horde IMP) theparadigm Linux - Software 0 11-17-2003 12:35 AM
change password at slave ldap u4113072 Linux - Software 0 11-12-2002 02:50 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 03:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration