Novell is now a part of Micro Focus

Password Changing and PAM_LDAP (Linux)

Novell Cool Solutions: Trench
By Casper Peterson

Digg This - Slashdot This

Posted: 14 May 2003

See the update to this tip from g.m.vandendobbelsteen below.

Per the established default, a user does not have rights to change their own password (passwd command) when pam_ldap is used.

Make the following changes to /etc/ldap.conf:

pam_password clear

And add the following NDS rights to the objects NDS rights to self:

Password Management [w]
shadowLastChange [w]

Password Management can also be applied to a container. Remember to set "Inheritable" to enable in sub-container.

For more information about Authenticating Users to UNIX Systems see this AppNote: Authenticating Users to UNIX Systems with Novell eDirectory and LDAP

Reader Update

This is not entirely true. You can modify the pam.d/passwd file for password changes. We've successfully implemented this for several UNIX systems. You need to use pam_password nds for that, and pam_ldap will take care of everything. -- g.m.vandendobbelsteen

Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions.

© Copyright Micro Focus or one of its affiliates