OpenSSH public key problem with Solaris 10 and LDAP users?

Douglas E. Engert deengert at anl.gov
Fri Aug 17 00:15:58 EST 2007


Since you are using Solaris, and the problem is with old users, added with
the PADL MigrationTools, vs new users, this might be a userPassword
attribute issue in LDAP.

The PADL will add the old password to LDAP using the string: {crypt}crypted-password
where crypted-password was copied from /etc/shadow or NIS.

If you used some other tool to add new users to ldap with a userPassword
(or no userPassword) it might be adding a value which the Solaris pam
considers to be a locked account. So look at how you added the
new users to ldap.

Test as *root* with:

  ldaplist -l username

It should have a line with
  userPassword: {crypt}crypted-password

If it's not {crypt}something
then try changing it to use {crypt}

The getpw.c program I sent yesterday should return (assuming the username
is not also in the local /etc/passwd file):
username:x:...
username:crypted-password:...


-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
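
Added example (not part of the original message): a small sh function that classifies the userPassword line in `ldaplist -l username` output, following the check described above, without echoing the hash itself. The function name and sample entries are constructed for illustration; comparing the scheme name case-insensitively is an assumption.

```shell
#!/bin/sh
# Usage on the affected host, as root:  ldaplist -l username | classify_userpassword
# Prints one of: ok, empty-crypt, other-scheme:<name>, no-scheme, empty, missing
classify_userpassword() {
    awk '
        # Attribute lines are indented; default field splitting strips that.
        tolower($1) == "userpassword:" {
            found = 1
            value = $2
            close_at = index(value, "}")
            if (substr(value, 1, 1) == "{" && close_at > 2) {
                # Assumption: scheme names compare case-insensitively.
                scheme = tolower(substr(value, 2, close_at - 2))
                rest = substr(value, close_at + 1)
                if (scheme == "crypt" && rest != "")
                    print "ok"
                else if (scheme == "crypt")
                    print "empty-crypt"
                else
                    print "other-scheme:" scheme
            } else if (value == "") {
                print "empty"
            } else {
                print "no-scheme"
            }
            exit
        }
        # No userPassword line at all in the entry.
        END { if (!found) print "missing" }
    '
}

# Constructed sample entries (not real accounts or hashes).
printf 'dn: uid=olduser,ou=people,dc=example,dc=com\n\tuid: olduser\n\tuserPassword: {crypt}CONSTRUCTEDHASH\n' |
    classify_userpassword      # old user migrated with {crypt}
printf 'dn: uid=newuser,ou=people,dc=example,dc=com\n\tuid: newuser\n\tuserPassword: {SSHA}CONSTRUCTEDHASH\n' |
    classify_userpassword      # new user stored under a different scheme
printf 'dn: uid=nopw,ou=people,dc=example,dc=com\n\tuid: nopw\n' |
    classify_userpassword      # entry with no userPassword attribute
```

Anything other than "ok" marks an entry whose userPassword value should be compared against the tool that created it.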


More information about the openssh-unix-dev mailing list