Hi list,
I'm using a SSH gateway where our users are authenticated against an
openldap server. It's working great and the users can also change their
password with the 'passwd' command.
My problem is that recently I've tested our users's password for weak
entries (with john the ripper) and found that all the password changed
with 'passwd' and thus pam_ldap where stored in the directory in
cleartext form instead of SSHA. I have "password-hash {SSHA}" in
slapd.conf and though that means that SSHA hashes was enforced for all
stored password. Both servers are Centos 4.4 fully updated and
everything came from standard repositories.
Is there someone who manage to use pam_ldap and the use of the 'passwd'
command result in a SSHA hashed's password in the directory?
Thanks,
kfx