Hi,

I currently have openldap-2.0.7-4 running and nss_ldap-122-4. I can su to a user who has info in LDAP only, and the id and whoami all report the valid info.

My question is: can a setup be created so that a user can use the passwd cmd to change their password?

The best I can get is

bash-2.04$ passwd
Enter login(LDAP) password:
New clibLDAP password:
Retype new clibLDAP password:
passwd: Authentication token manipulation error
bash-2.04$

where the clibLDAP prompt comes from

[root@kloof pam.d]# cat system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth sufficient /lib/security/pam_ldap.so
auth sufficient /lib/security/pam_unix.so likeauth nullok md5 shadow use_first_pass
auth required /lib/security/pam_deny.so

account sufficient /lib/security/pam_ldap.so
account sufficient /lib/security/pam_unix.so
account required /lib/security/pam_deny.so

password required /lib/security/pam_cracklib.so retry=3 type=clibLDAP
password sufficient /lib/security/pam_ldap.so
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow #try_first_pass
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session optional /lib/security/pam_ldap.so
session required /lib/security/pam_unix.so

This is on a Redhat 7.0 system.