passwd(1) and LDAP (was Re: FreeBSD 7.0, Open LDAP, PAM, TLS and NSS,
howto?)
Jonathan McKeown
jonathan at hst.org.za
Sun Sep 30 23:53:51 PDT 2007

On Friday 28 September 2007 16:29, Brian A. Seklecki wrote:
> FreeBSD 5.x and 6.x work fine with both PAM and NSS -> LDAP w/ TLS
> (PKI).
>
> All other services (RADIUS, Apache (mod_ldap, mod_pam_auth), PHP,
> interactive shell, SFTP, etc.) can be tied into LDAP either directly or
> via PAM.
>
> As for password change, I don't know if anyone has a passwd(1) binary
> that properly changes the LDAP password attribute -- if there is and it's
> out there, it requires ACL insanity.

The passwd(1) program was rewritten some time ago to use PAM, but a test was
left in which prevents it doing so. I have asked, both on this list and on
freebsd-hackers in the last few weeks, whether there is any reason other than
historical to leave this test in, and been deafened by the silence. There are
a couple of PRs either open or suspended regarding this issue.

I diked out the whole switch statement and replaced it with a single printf,
and it works for changing LDAP passwords. I haven't thoroughly tested to see
if it causes any other problems.

Jonathan