2013/2/28 Jonathan Disher <[email protected]>: > Nevermind, I figured out my problem. > > I am using LDAP Account Manager (www.ldap-account-manager.org), and trying > to use their self-service tool to let people change their own passwords. > The problem was that the tool was presenting a pre-SSHA crypted password > to the module, which obviously won't fly. > > If I change the self-service tool to send PLAIN (but leave the default > password storage as SSHA), it goes through the check_password module, and > gets stored as an SSHA hash: > > Feb 27 23:25:53 ldap1 slapd[29447]: check_password: Found punctuation > character - quality raise 1 > Feb 27 23:25:53 ldap1 slapd[29447]: check_password: Found upper character > - quality raise 2 > Feb 27 23:25:53 ldap1 slapd[29447]: check_password: Found digit character > - quality raise 3 > Feb 27 23:25:53 ldap1 slapd[29447]: check_password: Found lower character > - quality raise 4 > Feb 27 23:25:53 ldap1 slapd[29447]: check_password: Cracklib verification > disabled by configuration > > Sorry for the runaround (but maybe someone else will find it useful), and > thanks!
You could also set pwdCheckQuality to 0 or 1, that will allow to change password with SSHA scheme, but of course will disallow any quality checks. So your solution is the best, to force clients to use plain passwords in the modify request. Clément. _______________________________________________ ltb-users mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-users
