[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LDAP authentication with PAM

>>>>> "Marc" == Marc Martinez <lastxit@technogeeks.org> writes:

    Marc> hmmm, I haven't examined the deb's for potato with TLS
    Marc> support yet, but building my own for unstable recently I ran
    Marc> into a problem with being unable to authenticate any of my
    Marc> users with md5 hashed passwords.  the problem turned out to

Ohhh.... Sounds suspiciously like my problem.

I have just realized that:
a) password generates cleartext passwords (how do I fix this?)
b) directory administrator generates MD5 passwords that cannot be used.
Initially I blamed this on directory administrator... :-(

    Marc> be with libcrypto being linked in before libcrypt, and the
    Marc> crypt() function being overridden without support for the
    Marc> md5 hashes.  after whacking out a quick c program to verify
    Marc> my suspicion I went over all the Makefiles changing the
    Marc> XXLIBS variable to include LUTIL_LIBS before SECURITY_LIBS
    Marc> and everything worked fine.

I take it that libcrypto has its own crypt function that doesn't have
MD5 support? Why?

Anyway I cheated. I changed the SECURITY_LIB= line in build/top.mk to
have -lcrypt hard-coded in front.

(by cheat I mean: task a short cut that results in me having to
recompile openldap 10 times trying to work out why the problem still
hasn't gone away instead only once).


    >> >ldapsearch -x -Duid=root,ou=People,dc=chocbit,dc=org,dc=au -W
    >> uid=root Enter LDAP Password: ldap_bind: Can't contact LDAP
    >> server additional info: error:14077410:SSL
    >> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

    Marc> assuming you used netstat to verify that the server is
    Marc> actually listening on port 636, did you generate a
    Marc> certificate and add the TLSCertificate* options to the
    Marc> slapd.conf file?

Ummm... No... That can't be important can it?
<evil grin>of course its not my fault</evil grin>.

Where can I find documentation on the appropriate options?
Brian May <bam@debian.org>

Reply to: