Hi list,

I'm using an SSH gateway where our users are authenticated against an OpenLDAP server. It's working great and the users can also change their password with the 'passwd' command.

My problem is that I recently tested our users' passwords for weak entries (with John the Ripper) and found that all the passwords changed with 'passwd', and thus pam_ldap, were stored in the directory in cleartext form instead of SSHA. I have "password-hash {SSHA}" in slapd.conf and thought that meant SSHA hashes were enforced for all stored passwords.

Both servers are CentOS 4.4, fully updated, and everything came from standard repositories.

Has anyone managed to use pam_ldap so that the 'passwd' command results in an SSHA-hashed password in the directory?

Thanks,
kfx

I'll respond to myself (thanks, Warren). Adding "pam_password exop" to /etc/ldap.conf did the trick.

Regards,
kfx
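
To confirm the outcome described in this thread, the following added example (not part of the original posts) audits an LDIF export of the directory and reports which userPassword values are stored in cleartext, which carry a well-formed {SSHA} value, and which claim {SSHA} but are malformed. It assumes plain `dn: ` lines in the export; the function names, DNs and passwords are constructed for illustration.

```python
import base64
import hashlib

def make_ssha(password: bytes, salt: bytes) -> str:
    """{SSHA} layout: base64(SHA1(password + salt) + salt)."""
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

def b64(data: bytes) -> str:
    return base64.b64encode(data).decode()

# Constructed sample export (not data from the thread). "::" marks a base64 value.
SAMPLE_LDIF = "\n".join([
    "dn: uid=alice,ou=People,dc=example,dc=com",
    "userPassword:: " + b64(make_ssha(b"constructed-pw", b"salt").encode()),
    "",
    "dn: uid=bob,ou=People,dc=example,dc=com",
    "userPassword:: " + b64(b"summer2007"),
    "",
    "dn: uid=carol,ou=People,dc=example,dc=com",
    "userPassword: {SSHA}" + b64(b"too-short"),
])

def classify(value: bytes) -> str:
    """Return 'cleartext', 'malformed-ssha', or the scheme name (e.g. 'SSHA')."""
    text = value.decode("utf-8", "replace")
    if not text.startswith("{") or "}" not in text:
        return "cleartext"  # no {SCHEME} prefix: stored exactly as typed
    scheme, payload = text[1:].split("}", 1)
    scheme = scheme.upper()
    if scheme == "SSHA":
        try:
            raw = base64.b64decode(payload, validate=True)
        except ValueError:
            return "malformed-ssha"
        if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
            return "malformed-ssha"
    return scheme

def audit(ldif: str) -> dict:
    """Map each entry DN to how its userPassword value is stored."""
    results, dn = {}, None
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF line folding
        if line.startswith("dn: "):
            dn = line[4:]
        elif dn and line.lower().startswith("userpassword:"):
            rest = line[len("userpassword:"):]
            value = base64.b64decode(rest[1:].strip()) if rest.startswith(":") else rest.strip().encode()
            results[dn] = classify(value)
    return results
```

Running `audit()` on an export taken before and after a test password change shows whether the change was stored hashed.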