Hi All
I am trying to change the password using passwd, please see the below:

[xyz@server ~]$ passwd
Changing password for user xyz.
Enter login(LDAP) password:
New UNIX password:
Retype new UNIX password:
*LDAP password information update failed: Confidentiality required*
*Operation requires a secure connection.*

The error log shows

Nov 13 11:47:17 HA-Dev-Nymgo-100-45 passwd: pam_unix(passwd:chauthtok): user "xyz" does not exist in /etc/passwd

Pam config follows:

/etc/pam.d/passwd

#%PAM-1.0
auth include system-auth
account include system-auth
password include system-auth

/etc/pam.d/system-auth

#/etc/pam.d/system-auth
#%PAM-1.0
auth required pam_env.so
auth sufficient pam_unix.so
auth sufficient pam_ldap.so use_first_pass
auth required pam_deny.so
account sufficient pam_unix.so
account sufficient pam_ldap.so use_first_pass
account required pam_deny.so
password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
password required pam_deny.so
#password required pam_cracklib.so retry=3 minlen=2 dcredit=0 ucredit=0
#password sufficient pam_unix.so nullok use_authtok md5 shadow
#password sufficient pam_ldap.so
#password required pam_deny.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0022
session required pam_limits.so
session required pam_unix.so
session optional pam_ldap.so

On Tue, Nov 13, 2012 at 11:15 AM, Arpit Tolani <arpittol...@gmail.com> wrote:

> Hello
>
> On Tue, Nov 13, 2012 at 1:10 PM, Ali Jawad <ali.ja...@splendor.net> wrote:
> > Hi Arpit
> > Actually I was attempting to change the password using command line
> >
> > passwd
> >
> > I.e. each user changes his own password, is passwd the right choice here?
> >
>
> Yes, passwd is the right choice, considering you have pam_ldap.so properly
> configured & yes, passwd doesn't need ssl/tls to be configured.
> >
> > Regards
> >
> > On Mon, Nov 12, 2012 at 11:27 PM, Arpit Tolani <arpittol...@gmail.com>
> > wrote:
> >>
> >> Hello
> >>
> >> On Tue, Nov 13, 2012 at 12:33 AM, Ali Jawad <ali.ja...@splendor.net>
> >> wrote:
> >> > In that case I have a major overhaul that I need to complete, change
> >> > password is not working for me, my assumption is that it only works
> >> > with TLS enabled between the client and the server, I have tried to
> >> > get TLS to run a few times but could not get it to run so far. Am I
> >> > right about the assumption that I need encryption between the server
> >> > and the clients for password change to work?
> >> > Regards
> >> >
> >>
> >> When using ldappasswd command, yes, ssl/tls is mandatory. Try changing
> >> password using ldapmodify, it doesn't require ssl/tls connection.
> >>
> >> >
> >> > On Mon, Nov 12, 2012 at 8:56 PM, Mark Reynolds <marey...@redhat.com>
> >> > wrote:
> >> >>
> >> >> Only "crypt" uses the first 8 characters, so any other scheme would
> >> >> be fine. After you change the scheme you will need to force all the
> >> >> users to change their passwords - otherwise their crypt passwords
> >> >> will still be present.
> >> >>
> >> >> On 11/12/2012 01:52 PM, Ali Jawad wrote:
> >> >>
> >> >> Hi All
> >> >> This is an all Linux environment with 389 being used as the sole
> >> >> authentication mechanism, I do believe I am using crypt, I am out of
> >> >> office right now, what should I use instead of crypt to match more
> >> >> characters?
> >> >> Regards
> >> >>
> >> >> On Mon, Nov 12, 2012 at 7:02 PM, Mark Reynolds <marey...@redhat.com>
> >> >> wrote:
> >> >>>
> >> >>> Also what password storage scheme are you using? For example "crypt"
> >> >>> only checks the first 8 characters of a password.
> >> >>>
> >> >>> On 11/12/2012 11:18 AM, Dan Lavu wrote:
> >> >>>
> >> >>> In regards to a password policy?
> >> >>> Just 389 or are you using winsync with AD? Because the password
> >> >>> policy from AD does not transfer over. Also there are some extra
> >> >>> steps if you want to set up an OU based password policy but if you
> >> >>> just do it for the entire directory through 'configuration' it works
> >> >>> with no issues.
> >> >>>
> >> >>> Dan
> >> >>>
> >> >>> From: Ali Jawad <ali.ja...@splendor.net>
> >> >>> Sent: November 12, 2012 6:00 AM
> >> >>> To: General discussion list for the 389 Directory server project.
> >> >>> Subject: [389-users] Password + anything works ?
> >> >>>
> >> >>> Hi
> >> >>> I just noticed that you can use the password+ANYLetters and it will
> >> >>> work, i.e. if the password is xyz, xyz99 or xyzABC will work as
> >> >>> well, is this a misconfiguration on my part or a bug?
> >> >>> Regards
> >> >>>
> >>
> >> Regards
> >> Arpit Tolani
> >> --
> >> 389 users mailing list
> >> 389-users@lists.fedoraproject.org
> >> https://admin.fedoraproject.org/mailman/listinfo/389-users
> >
> > --
> > Ali Jawad
> > Information Systems Manager
> > CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA
> > Splendor Telecom (www.splendor.net)
> > Beirut, Lebanon
> > Phone: +9611373725/ext 116
> > FAX: +9611375554
>
> --
> Regards
> Arpit Tolani

--
Ali Jawad
Information Systems Manager
CISSP - PMP - ITIL V3 - RHCE - VCP - C|EH - CCNA - MCSA
Splendor Telecom (www.splendor.net)
Beirut, Lebanon
Phone: +9611373725/ext 116
FAX: +9611375554
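
Added example, not part of the thread and not 389 project code: the quoted advice above says that after moving off "crypt", existing crypt hashes stay in place until each user changes their password. This Python script lists the entries in an LDIF export that still hold a crypt value. The DNs and hash strings are constructed, and it assumes hashed userPassword values carry a {SCHEME} prefix.

```python
import base64
import re

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample export (DNs and hash strings are made up, not from the thread).
_folded = _b64("{CRYPT}cdCONSTRUCTEDHASH")
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=com\n"
    "userPassword:: " + _b64("{crypt}abCONSTRUCTEDHASH") + "\n"
    "\n"
    "dn: uid=bob,ou=People,dc=example,dc=com\n"
    "userPassword: {SSHA}CONSTRUCTEDHASHVALUE\n"
    "\n"
    "dn: uid=carol,ou=People,dc=example,dc=com\n"
    # LDIF folds long lines: a continuation line starts with one space.
    "userPassword:: " + _folded[:12] + "\n " + _folded[12:] + "\n"
)

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9_-]+)\}")

def password_schemes(ldif):
    """Map each entry's DN to the storage schemes seen on its userPassword values."""
    schemes = {}
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        dn, found = None, []
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: value" means base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            else:
                value = value.strip()
            if attr.lower() == "dn":
                dn = value
            elif attr.lower() == "userpassword":
                match = SCHEME_RE.match(value)
                found.append(match.group(1).upper() if match else "NO-SCHEME-PREFIX")
        if dn and found:
            schemes[dn] = found
    return schemes

def still_on_crypt(ldif):
    """DNs whose stored password is still a crypt hash and needs a forced change."""
    return sorted(dn for dn, s in password_schemes(ldif).items() if "CRYPT" in s)
```

Calling still_on_crypt() on a real export gives the list of accounts to force through a password change before the 8-character truncation is fully gone.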