Re: OpenSSH public key problem with Solaris 10 and LDAP users?
This is a discussion on Re: OpenSSH public key problem with Solaris 10 and LDAP users? within the OpenSSH Development forums, part of the Networking and Network Related category; Douglas E. Engert wrote: > Since you are using Solaris, and the problem is with old users, added with > ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-16-2007
|
|||
|
|||
Re: OpenSSH public key problem with Solaris 10 and LDAP users?
Douglas E. Engert wrote: > Since you are using Solaris, and the problem is with old users, added with > the PADL MigrationTools, vs new users, this might be a userPassword > attribute issue in LDAP. > > The PADL will add the old password to LDAP using the string: {crypt}crypted-password > where crypted-password was copied from /etc/shadow or NIS. > > If you used some other tool to add new users to ldap with a userPassword > (or no userPasswrod) it might be adding a value which the Solaris pam > considers to be a locked account. So look at how you added the > new users to ldap. > > Test as *root* with: > > ldaplist -l username Opps... ldaplist -l passwd username > > It should have a line with > userPassword: {crypt}crypted-password > > If its not{crypt}something > then try changing it to use {crypt} > > the getpw.c program I sent yesterday should return (assuming the username > is not also in the local /etc/passwd file): > useranme:x:... > username:crypted-password:... > > -- Douglas E. Engert <DEEngert@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/li...enssh-unix-dev 
|
Linear Mode
