05-30-2005, 12:09 PM
|
#1
|
LQ Newbie
Registered: May 2005
Distribution: fedora core 2
Posts: 3
Rep:
|
password change over LDAP works only if TLS is disabled
I am trying to set up a Linux server (Fedora Core 2, kernel 2.6.10) to use LDAP as
the password repository.
The LDAP server is local to the server, and I manage to authenticate any
user or change their password with the following /etc/ldap.conf file:
host 127.0.0.1
base ou=people,dc=.......
port 2389
pam_password clear
sslpath /var/db/cert7.db
ssl off
But when enabling TLS (I have "ssl start_tls" as the last line above instead
of "ssl off"), I can still authenticate any user (that is, I can telnet to the server
and see the authentication occurring on the LDAP server), but trying to change their password (as root, with the passwd command) always fails with this error message:
Authentication token manipulation error
I don't think the problem is on the directory side since I can bind or search over
TLS using at least 2 different LDAP clients/browsers.
I don't think the problem is in the PAM configuration since it works with TLS disabled,
so I don't know where to search anymore, it looks like a bug to me.
Any help would be greatly appreciated.
|
|
|
06-01-2005, 01:10 PM
|
#2
|
Member
Registered: Sep 2003
Location: United States
Distribution: Slackware 10.1, Debian 3.0, WinXProSP1, Fedora Core 3
Posts: 425
Rep:
|
Didn't know much about your problem but googled it.
TAKEN FROM:
http://info.ccone.at/INFO/Mail-Archi.../msg00059.html
Quote:
> Gerhard,
>
> I have solved a problem I reported a long time ago about
> the following (user cannot change own password):
>
> passwd: Authentication token manipulation error
>
> The solution was simply to chmod +s /usr/bin/passwd
|
You can try that but I am not sure.
--Abid Kazmi
-=-EDIT-=-
Quote:
but trying to change their password (as root, with the passwd command) always fails
|
Didn't notice the root there. That seems to be a serious error with your passwd and shadow files. Will go in depth later. At school and bell has rung.
Last edited by securehack; 06-01-2005 at 01:13 PM.
|
|
|
06-02-2005, 01:26 AM
|
#3
|
LQ Newbie
Registered: May 2005
Distribution: fedora core 2
Posts: 3
Original Poster
Rep:
|
Hello Abid,
See my answers to your reply inline.
Quote:
Originally posted by securehack
Didn't know much about your problem but googled it.
TAKEN FROM:
http://info.ccone.at/INFO/Mail-Archi.../msg00059.html
You can try that but I am not sure.
I'd already googled a lot before posting that question, and thus I had already seen this
solution, but since my /usr/bin/passwd file rights and ownership look OK (-r-s--x--x root root),
it's not the right solution in my case.
Moreover, in such a case, I think I would also have trouble changing the passwd over LDAP
without TLS enabled, which is not the case: just adding a # at the beginning of the
"ssl start_tls" line in /etc/ldap.conf makes the whole thing work, while over TLS, I can't change
any passwd but can still authenticate (??!!...).
Good luck at school anyway!
--Abid Kazmi
-=-EDIT-=-
Didn't notice the root there. That seems to be a serious error with your passwd and shadow files. Will go in depth later. At school and bell has rung.
|
|
|
|
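Added example (not part of the thread and not any poster's code): a small audit of the pam_ldap-style /etc/ldap.conf from the first post, showing what commenting out the `ssl start_tls` line does to credentials on the wire. It reads only the `host`, `ssl` and `pam_password` keys that appear in the post; the function names are hypothetical, and treating a missing `pam_password` as `clear` is an assumption.

```python
import ipaddress

# Constructed sample: the file from the first post (base DN elided as in the post).
SAMPLE_CONF = """\
host 127.0.0.1
base ou=people,dc=.......
port 2389
pam_password clear
sslpath /var/db/cert7.db
ssl off
"""

def parse_ldap_conf(text):
    """Return {keyword: value}; keywords are lower-cased, '#' lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def is_loopback(host):
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: assume it resolves to another machine

def audit(text):
    """List findings about how credentials travel to the directory server."""
    conf = parse_ldap_conf(text)
    if conf.get("ssl", "off").lower() in ("start_tls", "on"):
        return []  # session is encrypted before the bind or the modify
    hosts = conf.get("host", "").split()
    remote = [h for h in hosts if not is_loopback(h)]
    if not hosts:
        scope = "host not set in this file"
    else:
        scope = ("network (%s)" % ", ".join(remote)) if remote else "loopback only"
    # pam_ldap authenticates with a simple bind, so the login password is exposed too.
    findings = ["bind passwords sent unencrypted: " + scope]
    # "clear" leaves hashing to the server; assumed to be the default when unset.
    if conf.get("pam_password", "clear").lower() == "clear":
        findings.append("new passwords sent unhashed and unencrypted: " + scope)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

With the posted file both findings are limited to the loopback interface; the same two findings apply to the network path if `host` ever points at another machine while the TLS line stays commented out.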