Re: [Phpgroupware-developers] phpgw password creation for ldap buggy?

[Paul Tietjens]

I have PAM and LDAP configured to authenticate, and can change the LDAP
password via phpgroupware.  I had zero success with using {md5} as the hash
type, and as a result, PAM, LDAP and the nss binds in the ldap client are
configured to use {crypt} (DES) to authenticate.

It all works great, aside from Samba password changes in phpgw.  On windows
clients, smbpasswd/PAM is used to change all passwords at once.

Izzy Blacklock (address@hidden) wrote:
>
>After many frustrating hours, I finally have apache working again with the new
>version of openssl 0.9.6j (couldn't get 0.9.7b working, but suspect it will
>now; I'll try it another day).  Sadly it didn't solve my original problem.
>Not that updating my openssl libraries was a waste of time or anything.  It
>needed to be done anyway.  Thanks for bringing it to my attention Lars.
>Somehow I missed the update notices.
>
>Any other suggestions as to what could be causing this?  Is anyone actually
>using phpgw to change ldap passwords?  I suspect this is also why I wasn't
>able to log in with any of the demo or default admin accounts I created
>during setup.  Has anyone had success with these accounts?
>
>I'm starting to think my problem is related to how I compiled/configured
>openldap.  I suspect that PAM doesn't use ldap to authenticate, but reads the
>stored password and does it's own authentication.  This would explain why PAM
>doesn't have a problem with the password, no matter how it's generated, but
>LDAP does.
>
>Thoughts?
>
>...Izzy
>
>
>On Saturday 12 Apr 2003 11:38 am, Izzy Blacklock wrote:
>> On Friday 11 Apr 2003 12:56 pm, Lars Kneschke(priv.) wrote:
>> > Izzy Blacklock <address@hidden> schrieb:
>> > >I'm tying to figure out why passwords created by phpgw with ldap
>> > >authentication don't seem to work.  Anything using PAM for
>> > >authentication
>> > >works just fine, but the passwords created by phpgw don't work for
>> > >ldap
>> > >authentication.  Does anyone here have this working?  Is there
>> > >something
>> > >missconfigured in my LDAP server? I'm using md5 passwords.
>> > >
>> > >Here's what the passwords look like.  Password is "test" not that that
>> > >
>> > >matters.
>> > >
>> > >Created from phpgw:
>> > >
>> > >$1$I84UFcFn$LyVZ6pVkPxaRjJyvY6wwT0
>> > >
>> > >Created with slappasswd -s test -h  -c '$1$%.8s'
>> > >
>> > >$19JEJTylB1.M
>> > >
>> > >PAM doesn't seem to have a problem either way, but openLdap 2.0.27
>> > >can't use
>> > >the one created from phpgw.
>> > >
>> > >Any idea what the problem is?
>> >
>> > Some months ago openssl's crypt function was broken. Make sure you have
>> > the latest openssl.
>>
>> Thanks for the tip Lars,
>>
>> I'm currently fighting my way through an update of openssl.  I was running
>> 0.9.6g.  I tried 0.9.7b, but can't get apache to run with it.  Everything
>> compiles and the library is created, but I apachectl startssl doesn't start
>> httpd and the following error shows up in error_log:
>>
>> Invalid command 'SSLEngine', perhaps mis-spelled or defined by a module not
>> included in the server configuration
>>
>> I've recompiled twice now, without any change and no errors during build.
>> I'm trying again with the 0.9.6j version of openssl.  Anyone else tried
>> 0.9.7b?
>>
>> ...Izzy
>>
>>
>>
>> _______________________________________________
>> Phpgroupware-developers mailing list
>> address@hidden
>> http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>
>
>
>_______________________________________________
>Phpgroupware-developers mailing list
>address@hidden
>http://mail.gnu.org/mailman/listinfo/phpgroupware-developers
>
>