OpenSSH public key problem with Solaris 10 and LDAP users?

Douglas E. Engert deengert at anl.gov
Fri Aug 17 00:44:38 EST 2007



Douglas E. Engert wrote:
> Since you are using Solaris, and the problem is with old users, added with
> the PADL MigrationTools, vs new users, this might be a userPassword
> attribute issue in LDAP.
> 
> The PADL will add the old password to LDAP using the string: {crypt}crypted-password
> where crypted-password was copied from /etc/shadow or NIS.
> 
> If you used some other tool to add new users to ldap with a userPassword
> (or no userPasswrod) it might be adding a value which the Solaris pam
> considers to be a locked account. So look at how you added the
> new users to ldap.
> 
> Test as *root* with:
> 
>   ldaplist -l username

Opps...

ldaplist -l passwd username


> 
> It should have a line with
>   userPassword: {crypt}crypted-password
> 
> If its not{crypt}something
> then try changing it to use {crypt}
> 
> the getpw.c program I sent yesterday should return (assuming the username
> is not also in the local /etc/passwd file):
> useranme:x:...
> username:crypted-password:...
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444


More information about the openssh-unix-dev mailing list