[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Fedora-directory-users] allowing users to change their own passwords (solaris 10)



Susan,

What does your PAM password stack look like on the Solaris 10 client?
-- George

Susan wrote:
Well, I've gotten authentication working for solaris 10 & FDS.  (Thank you, everybody)

As root, I can change any user's password and that works.  As a regular user, however, no luck:

-bash-3.00$ passwd
passwd: Changing password for test
passwd: Sorry, wrong passwd
Permission denied

-bash-3.00$ passwd -r ldap
passwd: Changing password for test
passwd: Sorry, wrong passwd
Permission denied
-bash-3.00$
I've this aci:

(targetattr="carLicense ||description ||displayName ||facsimileTelephoneNumber ||homePhone
||homePostalAddress ||initials ||jpegPhoto ||labeledURL ||mail ||mobile ||pager ||photo
||postOfficeBox ||postalAddress ||postalCode ||preferredDeliveryMethod ||preferredLanguage
||registeredAddress ||roomNumber ||secretary ||seeAlso ||st ||street ||telephoneNumber
||telexNumber ||title ||userCertificate ||userPassword ||userSMIMECertificate
||x500UniqueIdentifier")(version 3.0; acl "Enable self write for common attributes"; allow (write)
userdn="ldap:///self";;)

Doesn't seem to be doing anything, even though userPassword is in there. Btw, in Linux, non-root
users can change their passwords just fine!

I've also two of these ACIs which I got from Gary Tay's site:

(target="ldap:///dc=company,dc=com";)(targetattr="userPassword")(version 3.0; acl
LDAP_Naming_Services_proxy_password_read; allow (compare,search) userdn =
"ldap:///cn=proxyagent,ou=profile,dc=company,dc=com";;)

(targetattr =
"cn||uid||uidNumber||gidNumber||homeDirectory||shadowLastChange||shadowMin||shadowMax||shadowWarning||shadowInactive||shadowExpire||shadowFlag||memberUid")(version
3.0; acl LDAP_Naming_Services_deny_write_access;deny (write) userdn = "ldap:///self";;)

They seem to doing nothing either, i.e. removing them neither fixes nor breaks anything.

Nothing in server/client logs either...

Any ideas?

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
--
Fedora-directory-users mailing list
Fedora-directory-users redhat com
https://www.redhat.com/mailman/listinfo/fedora-directory-users




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]