#1
13th April 2011, 08:32 PM
gettons
change password ldap user

Hi all,

I have a problem with my Fedora workstation.
I am trying to change my LDAP user password through the passwd command.
When I first create the user on the LDAP server, I use MD5 and create the user password.

This is the entry:

Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
cn: boo
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: shadowAccount
shadowMax: 999999
shadowWarning: 7
shadowLastChange: 10877
userPassword: {MD5}IKrpa9u8/J9z3VryD0DzEQ==
loginShell: /bin/bash
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/boo
gecos: boo
displayName: boo
mail: boo@boo.boo
givenName: boo
sn: boo

I have installed all the necessary packages on my Fedora 64-bit desktop.
When I first try to change the password by doing the following, I get prompted for the current password and all goes well for setting up a new one.

Code:
boo@gettons-desktop:~$ passwd

But if I do that again, it does not recognize my actual password for some reason.
In fact I get:

Code:
boo@gettons-desktop:~$ passwd 
Enter login(LDAP) password: 
LDAP Password incorrect: try again
Enter login(LDAP) password: 
Password change aborted
passwd: User not known to the underlying authentication module
passwd: password unchanged

Doing that with the root user, all goes well, I presume because it does not check the actual password while setting the new one up.


Interesting config file on the client:

Code:
boo@gettons-desktop:~$ cat /etc/login.defs
...
ENCRYPT_METHOD MD5
...

boo@gettons-desktop:~$ cat /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_ldap.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_ldap.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so
session     optional      pam_ldap.so


Thanks in advance.

#2
13th April 2011, 09:56 PM
smr54
Re: change password ldap user

I'm a bit confused--what user needs a password changed? The passwd command will change the command on the local machine. If you want to change the password that is defined in slapd.conf you use slappasswd (I think that's the name.)

My page at http://home.roadrunner.com/~computertaijutsu/ldap.html covers changing the password.

#3
13th April 2011, 10:05 PM
gettons
Re: change password ldap user

Hi, thanks for your reply.

What I need is to get the user boo to change her password via passwd without using any LDAP command.
I know this can be done because I have seen this working at work; I have the very same configuration files, apart from SSL, which is not used in my environment at the moment.

Also, the reason why I think it should be working is because the first time I change the password it does work (and I can log in with the new password on other machines as well), but the second time it doesn't and it ends up saying the password is not the right one.
Also, if I do that with the root user doing
passwd boo
it does work and I can log in with the new password on other machines.

Basically I would like to let the users change their password in the simplest way.

Thanks

#4
14th April 2011, 10:35 AM
gettons
Re: change password ldap user

I think I got confused when I did copy and paste from the terminal. The password doesn't look the same. I did another test, still not working.

Removed the ldif files, stopped the server, imported the ldif files, and started from scratch.
First, I set the user up in the ldif file:


Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
cn: boo
objectclass: posixAccount
objectclass: inetOrgPerson
objectclass: shadowAccount
shadowMax: 999999
shadowWarning: 7
shadowLastChange: 10877
userPassword: {MD5}IKrpa9u8/J9z3VryD0DzEQ==
loginShell: /bin/bash
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/boo
gecos: boo
displayName: boo
mail: boo@yahoo.it
givenName: boo
sn: boo

Then I can log in with the password chosen on the client machine. And do:

Code:
# boo, People, linux.gettolandia.org
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
cn: boo
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
shadowMax: 999999
shadowWarning: 7
shadowLastChange: 10877
userPassword:: e01ENX1JS3JwYTl1OC9KOXozVnJ5RDBEekVRPT0=
loginShell: /bin/bash
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/boo
gecos: boo
displayName: boo
mail: boo@yahoo.it
givenName: boo
sn: boo

Also, running the following commands I get:

Code:
getent passwd
boo:x:9001:9001:boo:/home/boo:/bin/bash

getent shadow
boo:*:10877::999999:7:::

Then I change the password from user boo using the passwd command and I log out and log in again on the client.
Then I issue the command:

Code:
dn: uid=boo,ou=People,dc=linux,dc=gettolandia,dc=org
uid: boo
cn: boo
objectClass: posixAccount
objectClass: inetOrgPerson
objectClass: shadowAccount
shadowMax: 999999
shadowWarning: 7
loginShell: /bin/bash
uidNumber: 9001
gidNumber: 9001
homeDirectory: /home/boo
gecos: boo
displayName: boo
email: boo@yahoo.it
givenName: boo
sn: boo
userPassword:: e2NyeXB0fSQxJDJmU21EcVVsJFB1MHd5ZzRmNlIvbzdwcmtERnFNcy4=

By having a look at the password, I notice that it's different:

Code:
python -c "import base64; print(base64.b64decode('e01ENX1JS3JwYTl1OC9KOXozVnJ5RDBEekVRPT0=').decode())"
{MD5}IKrpa9u8/J9z3VryD0DzEQ==
python -c "import base64; print(base64.b64decode('e2NyeXB0fSQxJDJmU21EcVVsJFB1MHd5ZzRmNlIvbzdwcmtERnFNcy4=').decode())"
{crypt}$1$2fSmDqUl$Pu0wyg4f6R/o7prkDFqMs.

It looks like it's using different encryption, isn't it?


It's now that if I run passwd again that I get an error:

Code:
[boo@nassettone ~]$ passwd
Changing password for user boo.
Enter login(LDAP) password:
LDAP Password incorrect: try again
Enter login(LDAP) password:
LDAP Password incorrect: try again
Enter login(LDAP) password:
[boo@nassettone ~]$

If I run getent shadow now:

Code:
getent shadow
boo:$1$2fSmDqUl$Pu0wyg4f6R/o7prkDFqMs.:15078::999999:7:::
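
Added example, not part of the original posts: a Python sketch that decodes the two base64 `userPassword::` values quoted in post #4 and classifies how each one is stored, showing the move from `{MD5}` to `{crypt}` with a `$1$` (MD5-crypt) hash. It goes slightly beyond the thread by also recognising other common scheme prefixes and crypt(3) ids; the function names are illustrative.

```python
import base64

# The two userPassword lines quoted in the thread (before and after passwd).
BEFORE = "userPassword:: e01ENX1JS3JwYTl1OC9KOXozVnJ5RDBEekVRPT0="
AFTER = "userPassword:: e2NyeXB0fSQxJDJmU21EcVVsJFB1MHd5ZzRmNlIvbzdwcmtERnFNcy4="

CRYPT_IDS = {"1": "MD5-crypt", "5": "SHA-256-crypt", "6": "SHA-512-crypt"}
# Digest schemes: name and digest length in bytes.
DIGESTS = {"MD5": ("MD5", 16), "SMD5": ("salted MD5", 16),
           "SHA": ("SHA-1", 20), "SSHA": ("salted SHA-1", 20)}


def ldif_value(line):
    """Return the value of one LDIF line; 'attr:: x' means x is base64."""
    _attr, sep, rest = line.partition(":")
    if not sep:
        raise ValueError("not an LDIF attribute line: %r" % line)
    if rest.startswith(":"):
        return base64.b64decode(rest[1:].strip()).decode("utf-8")
    return rest.strip()


def describe(value):
    """Classify a userPassword value as (scheme, algorithm, salt)."""
    if not value.startswith("{") or "}" not in value:
        return ("cleartext", None, None)
    scheme, body = value[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "CRYPT":
        # Modular crypt format is $id$salt$hash; anything else is DES crypt.
        parts = body.split("$")
        if body.startswith("$") and len(parts) >= 4:
            salt = parts[3] if parts[2].startswith("rounds=") else parts[2]
            return (scheme, CRYPT_IDS.get(parts[1], "crypt id " + parts[1]), salt)
        return (scheme, "DES-crypt", body[:2])
    if scheme in DIGESTS:
        # Value is base64(digest || salt); the salt is empty when unsalted.
        name, length = DIGESTS[scheme]
        salt = base64.b64decode(body)[length:]
        return (scheme, name, salt.hex() or None)
    return (scheme, None, None)


def compare(before_line, after_line):
    """Describe both values and report whether the storage scheme changed."""
    old, new = describe(ldif_value(before_line)), describe(ldif_value(after_line))
    return {"before": old, "after": new, "scheme_changed": old[:2] != new[:2]}


if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```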