<div dir="ltr">Hi All<div>I am trying to change the password using passwd, please see below:</div><div><br></div><div><div>[xyz@server ~]$ passwd</div><div>Changing password for user xyz.</div><div>Enter login(LDAP) password:</div>
<div>New UNIX password:</div><div>Retype new UNIX password:</div><div><b>LDAP password information update failed: Confidentiality required</b></div><div><b>Operation requires a secure connection.</b></div><div><br></div>
<div>
The error log shows </div><div><div>Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): user "xyz" does not exist in /etc/passwd</div></div><div><br></div><div>PAM config follows:</div><div>
<br></div><div>/etc/pam.d/passwd</div><div><div>#%PAM-1.0</div><div>auth include system-auth</div><div>account include system-auth</div><div>password include system-auth</div><div>~</div></div><div>
<br></div><div>/etc/pam.d/system-auth</div><div><br></div><div><div>#/etc/pam.d/system-auth</div><div>#%PAM-1.0</div><div><br></div><div>auth required pam_env.so</div><div>auth sufficient pam_unix.so</div>
<div>auth sufficient pam_ldap.so use_first_pass</div><div>auth required pam_deny.so</div><div><br></div><div>account sufficient pam_unix.so</div><div>account sufficient pam_ldap.so use_first_pass</div>
<div>account required pam_deny.so</div><div><br></div><div>password requisite pam_cracklib.so try_first_pass retry=3</div><div>password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok</div>
<div>password sufficient pam_ldap.so use_authtok</div><div>password required pam_deny.so</div><div><br></div><div><br></div><div>#password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0</div>
<div>#password sufficient pam_unix.so nullok use_authtok md5 shadow</div><div>#password sufficient pam_ldap.so</div><div>#password required pam_deny.so</div><div><br></div><div>session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022</div>
<div>session required pam_limits.so</div><div>session required pam_unix.so</div><div>session optional pam_ldap.so</div><div>~</div><div>~</div></div><div><br></div><div><br></div><br><div class="gmail_quote">
On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani <span dir="ltr"><<a href="mailto:arpittolani@gmail.com" target="_blank">arpittolani@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello<br>
<div class="im"><br>
<br>
<br>
On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad <<a href="mailto:ali.jawad@splendor.net">ali.jawad@splendor.net</a>> wrote:<br>
> Hi Arpit<br>
> Actually I was attempting to change the password using command line<br>
><br>
> passwd<br>
><br>
> I.e. each user changes his own password, is passwd the right choice here ?<br>
><br>
<br>
</div>Yes, passwd is the right choice, considering you have pam_ldap.so properly<br>
configured & yes passwd doesn't need ssl/tls to be configured.<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
> Regards<br>
><br>
> On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani <<a href="mailto:arpittolani@gmail.com">arpittolani@gmail.com</a>><br>
> wrote:<br>
>><br>
>> Hello<br>
>><br>
>> On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <<a href="mailto:ali.jawad@splendor.net">ali.jawad@splendor.net</a>><br>
>> wrote:<br>
>> > In that case I have a major overhaul that I need to complete, change<br>
>> > password is not working for me, my assumption is that it only works with<br>
>> > TLS<br>
>> > enabled between the client and the server, I have tried to get TLS to<br>
>> > run a<br>
>> > few times but could not get it to run so far. Am I right about the<br>
>> > assumption that I need encryption between the server and the clients for<br>
>> > password change to work ?<br>
>> > Regards<br>
>> ><br>
>><br>
>> When using ldappasswd command, Yes ssl/tls is mandatory, Try changing<br>
>> password using ldapmodify, it doesn't require an ssl/tls connection.<br>
>><br>
>> ><br>
>> > On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <<a href="mailto:mareynol@redhat.com">mareynol@redhat.com</a>><br>
>> > wrote:<br>
>> >><br>
>> >> Only "crypt" uses the first 8 characters, so any other scheme would be<br>
>> >> fine. After you change the scheme you will need to force all the users<br>
>> >> to<br>
>> >> change their passwords - otherwise their crypt passwords will still be<br>
>> >> present.<br>
>> >><br>
>> >><br>
>> >><br>
>> >> On 11/12/2012 01:52 PM, Ali Jawad wrote:<br>
>> >><br>
>> >> Hi All<br>
>> >> This is an all Linux environment with 389 being used as the sole<br>
>> >> authentication mechanism, I do believe I am using crypt, I am out of<br>
>> >> office<br>
>> >> right now, what should I use instead of crypt to match more characters<br>
>> >> ?<br>
>> >> Regards<br>
>> >><br>
>> >> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <<a href="mailto:mareynol@redhat.com">mareynol@redhat.com</a>><br>
>> >> wrote:<br>
>> >>><br>
>> >>> Also what password storage scheme are you using? For example "crypt"<br>
>> >>> only checks the first 8 characters of a password.<br>
>> >>><br>
>> >>><br>
>> >>> On 11/12/2012 11:18 AM, Dan Lavu wrote:<br>
>> >>><br>
>> >>> In regards to a password policy? Just 389 or are you using winsync<br>
>> >>> with<br>
>> >>> AD? Because the password policy from AD does not transfer over. Also<br>
>> >>> there<br>
>> >>> are some extra steps if you want to set up an OU based password policy<br>
>> >>> but if<br>
>> >>> you just do it for the entire directory through ‘configuration’ it<br>
>> >>> works<br>
>> >>> with no issues.<br>
>> >>><br>
>> >>> Dan<br>
>> >>><br>
>> >>> From: Ali Jawad <<a href="mailto:ali.jawad@splendor.net">ali.jawad@splendor.net</a>><br>
>> >>> Sent: November 12, 2012 6:00 AM<br>
>> >>> To: General discussion list for the 389 Directory server project.<br>
>> >>> Subject: [389-users] Password + anything works ?<br>
>> >>><br>
>> >>> Hi<br>
>> >>> I just noticed that you can use the password+ANYLetters and it will<br>
>> >>> work,<br>
>> >>> I.e. if the password is xyz xyz99 or xyzABC will work as well, is this<br>
>> >>> a<br>
>> >>> misconfiguration on my part or a bug ?<br>
>> >>> Regards<br>
>> >>><br>
>><br>
>> Regards<br>
>> Arpit Tolani<br>
>> --<br>
>> 389 users mailing list<br>
>> <a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
>> <a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Ali Jawad<br>
> Information Systems Manager<br>
> CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA<br>
> Splendor Telecom (<a href="http://www.splendor.net" target="_blank">www.splendor.net</a>)<br>
> Beirut, Lebanon<br>
> Phone: +9611373725/ext 116<br>
> FAX: +9611375554<br>
><br>
<br>
--<br>
Regards<br>
Arpit Tolani<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>
<div dir="ltr"><font><font color="#888888"><b>Ali Jawad <br></b></font></font><div><div><font><font color="#888888"><b>Information Systems Manager<br><font size="1">CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA</font><br>
</b></font></font></div><div><font><font color="#888888"><b>Splendor Telecom <span style="background-color:rgb(255,255,255)">(</span><span style="background-color:rgb(51,51,255);color:rgb(51,102,255)"><a href="http://www.splendor.net/" target="_blank"><span style="background-color:rgb(255,255,255)"><font color="#3366ff">www.splendor.net</font></span></a></span><span style="background-color:rgb(255,255,255)">)</span><br>
Beirut, Lebanon<br>Phone: +9611373725/ext 116<br>FAX: +9611375554<br><br></b></font></font><div><div></div></div></div></div></div><br>
</div></div>
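<div>Added example (not part of the original message or the 389 project's code): Mark Reynolds' reply notes that existing crypt passwords stay in place until each user changes their password. The Python below scans an LDIF export and lists the entries whose userPassword is still stored under {crypt}. The sample LDIF, its DNs and hash values, and the function names are constructed for illustration.</div>

```python
import base64
import re

# Constructed sample LDIF (not real data). Values may be plain ("attr: v") or
# base64 ("attr:: v"); long lines may fold onto lines starting with one space.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
userPassword: {SSHA}Q29uc3RydWN0ZWRTYW1wbGVIYXNoVmFsdWU=

dn: uid=bob,ou=People,dc=example,dc=com
userPassword:: e2NyeXB0fWFiQ29uc3RydWN0ZWQ=

dn: uid=carol,ou=People,dc=example,dc=com
userPassword: {CRYPT}cdCon
 structed1

dn: uid=svc,ou=People,dc=example,dc=com
"""

LINE_RE = re.compile(r"^([A-Za-z0-9;.-]+)(::?)[ ]*(.*)$")
SCHEME_RE = re.compile(r"^\{([^}]+)\}")


def password_schemes(ldif_text):
    """Return {dn: [scheme, ...]} for every entry in the LDIF text."""
    # Undo LDIF folding: a newline followed by one space continues the line.
    unfolded = re.sub(r"\r?\n ", "", ldif_text)
    result, dn = {}, None
    for line in unfolded.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank entry separators and "#" comments
        attr, sep, value = m.groups()
        if sep == "::":  # base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        if attr.lower() == "dn":
            dn = value
            result[dn] = []
        elif attr.lower() == "userpassword" and dn is not None:
            scheme = SCHEME_RE.match(value)
            # Assumption: a value with no {scheme} prefix is treated as cleartext.
            result[dn].append(scheme.group(1).lower() if scheme else "cleartext")
    return result


def still_on_crypt(ldif_text):
    """DNs whose stored password still uses the crypt scheme."""
    hits = password_schemes(ldif_text)
    return sorted(dn for dn, schemes in hits.items() if "crypt" in schemes)
```

Run `still_on_crypt()` over an export taken after the storage scheme change; any DN it returns still holds a hash created under the old scheme.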