Hi, maybe it is no bug in real. Because my LDAP user object has no shadowAccount objectClass, libnss-ldap makes "*" in the password field. When I add showAccount objectClass, it make "x" in the password field.
When the pam_unix functionality is correct to return SUCCESS on user with "*" in password field, then it is no bug, I think. Thank you for your help. Regards, Wolf. On Thu, 26 Apr 2007, Steve Langasek wrote: > reassign 416628 libnss-ldap > thanks > > On Thu, Apr 26, 2007 at 10:42:36AM +0200, Robert Wolf wrote: > > > If that isn't what you *want* to have happen, then you seem to have > > > misconfigured PAM. > > > *** The problem is that libnss-ldap version from Sarge returns line: > > > wolf:x:10001:100:Robert Wolf:/home/wolf:/bin/bash > > > and "x" means shadow. > > > But libnss-ldap from Etch returns line > > > wolf:*:10001:100:Robert Wolf:/home/wolf:/bin/bash > > > and "*" means "no password"(?) Or does it mean anything else? Is it the bug > > in > > libnss-ldap? > > > I have a userPassword attribute in LDAP server, but the anonymous user (and > > any > > other user except directory manager) cannot read it, it is possible only to > > bind with password. Is it correct that libnss-ldap returns "*" when it > > cannot > > see/read userPassword attribute? > > I don't know, but given that this is a behavior change in libnss-ldap, I'm > reassigning this bug there. > > Thanks, > -- > Steve Langasek Give me a lever long enough and a Free OS > Debian Developer to set it on, and I can move the world. > [EMAIL PROTECTED] http://www.debian.org/ > > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
