Password Problems on a Linux LDAP client bound to Mac OS X LDAP server
On Wed, 2009-01-07 at 06:06 -0500, Michael Peek wrote:
> Problem solved. It's a PAM thing. The solution is to edit
> /etc/pam.d/common-* and make the following changes:
Good catch! I was doing some research to try and figure out what was
going on, but did not think of this particular problem. The underlying
issue is the pam_unix module is interacting with the nss ldap library.
I assume you have ldap enabled in nsswitch.conf. What happens is the
passwd line gets looked up by the nss ldap library and returns the LDAP
entry which includes the hashed password. If the hash is not the crypt
form, then the pam_unix authentication fails. This is why
authentication using a crypt password worked.