On Wed, 21 Mar 2001, Wil Cooley wrote: wcoole> Thus spake Paulo Matos: wcoole> ... wcoole> > Does anyone have a similar problem? How can an ACL on slapd.conf wcoole> > cause such behavior?! It does not make any sense... wcoole> > wcoole> > How exactly is done the password verification?! Can someone explain me this, please! Although I examined the code of pam_ldap I see no use of crypt(3) for authentication purposes, only when generating a new password, so I concluded passwd matching is done on ldap server. So why I get authenticated when I remove the ACL? wcoole> > Is this a problem from pam_ldap or openssl? wcoole> wcoole> I believe the problem you are seeing is the same I ran into a few weeks ago. wcoole> The problem is that the crypt() function from OpenSSL doesn't support the MD5 wcoole> extension. See my posts here for more information: wcoole> wcoole> http://www.openldap.org/lists/openldap-software/200103/msg00114.html wcoole> wcoole> Note that the solution of re-ordering libraries doesn't seem to have wcoole> worked consistently; probably the best is to have users change their wcoole> passwords. So I have no solution to use md5 hashed passwords, unless I change the ACL! In this case is the client side who does password matching? -- Paulo Matos ----------------------------------- ---------------------------------- |Sys & Net Admin | Serviço de Informática | |Faculdade de Ciências e Tecnologia | Tel: +351-21-2941346 | |Universidade Nova de Lisboa | Fax: +351-21-2948548 | |P-2825-114 Caparica | e-Mail: pjsm@fct.unl.pt | ----------------------------------- ----------------------------------
