[Fedora-directory-users] allowing users to change their own passwords (solaris 10)

George Holbert gholbert at broadcom.com
Wed Feb 22 21:29:00 UTC 2006 

Susan,

What does your PAM password stack look like on the Solaris 10 client?
-- George

Susan wrote:
> Well, I've gotten authentication working for solaris 10 & FDS.  (Thank you, everybody)
>
> As root, I can change any user's password and that works.  As a regular user, however, no luck:
>
> -bash-3.00$ passwd
> passwd: Changing password for test
> passwd: Sorry, wrong passwd
> Permission denied
>
> -bash-3.00$ passwd -r ldap
> passwd: Changing password for test
> passwd: Sorry, wrong passwd
> Permission denied
> -bash-3.00$ 
>
> I've this aci:
>
> (targetattr="carLicense ||description ||displayName ||facsimileTelephoneNumber ||homePhone
> ||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||mail ||mobile ||pager ||photo
> ||postOfficeBox ||postalAddress ||postalCode ||preferredDeliveryMethod ||preferredLanguage
> ||registeredAddress ||roomNumber ||secretary ||seeAlso ||st ||street ||telephoneNumber
> ||telexNumber ||title ||userCertificate ||userPassword ||userSMIMECertificate
> ||x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write)
> userdn="ldap:///self";)
>
> Doesn't seem to be doing anything, even though userPassword is in there. Btw, in Linux, non-root
> users can change their passwords just fine!
>
> I've also two of these ACIs which I got from Gary Tay's site:
>
> (target="ldap:///dc=company,dc=com")(targetattr="userPassword")(version 3.0; acl
> LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn =
> "ldap:///cn=proxyagent,ou=profile,dc=company,dc=com";)
>
> (targetattr =
> "cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version
> 3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";)
>
> They seem to doing nothing either, i.e. removing them neither fixes nor breaks anything.
>
> Nothing in server/client logs either...
>
> Any ideas?
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection around 
> http://mail.yahoo.com 
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>

More information about the Fedora-directory-users mailing list