[SOLVED] Re: OpenSSH public key problem with Solaris 10 and LDAP users?

Alexander Skwar listen at alexander.skwar.name
Fri Aug 17 02:00:38 EST 2007


Douglas E. Engert <deengert at anl.gov> wrote:
> Alexander Skwar wrote:
>> Douglas E. Engert <deengert at anl.gov> wrote:

>>> the getpw.c program I sent yesterday should return (assuming the
>>> username is not also in the local /etc/passwd file):
>>> useranme:x:...
>>> username:crypted-password:...
>> 
>> Ah!
>> 
>> --($:~/Source/pamtest)-- sudo ./getpw askwar
>> STDC = __STDC__
>> askwar:x:10001:10:Alexander
>> Skwar,alexander.skwar at Exampleauto.com:/export/home/askwar:/opt/csw/bin/bash
>> askwar:cd9--------psA:13503:-1:-1-1:-1:-1:0
>> 
>> --($:~/Source/pamtest)-- sudo ./getpw testing
>> STDC = __STDC__
>> testing:x:54321:10:Alexander
>> Skwar,alexander.skwar at Exampleauto.com:/export/home/testing:/opt/csw/bin/bash
>> testing:*NP*:-1:-1:-1-1:-1:-1:0
>> 
>> *NP* for testing? Why's that? Why's there a difference?
> 
> 
> This could be the problem. NP is used for OK to login if you can
> authenticate some other way. *NP* may be considered locked,
> as * is not a valid crypt character.
> 
> Try using ldapmodify to change the password to {crypt}NP
> 
> See of you can get the  phpLdapAdmin to add NP rather then *NP*
> Or set some valid password.

Uhm - I DO have a valid password for the "testing" user. And
as soon as I remove "askwar" from /etc/shadow, I also get *NP* (no
password, I guess?) when I run getpw. Is that not the way you
expect it to be?

Alexander Skwar



More information about the openssh-unix-dev mailing list