Results 1 to 3 of 3

Thread: user password being save in clear text

  1. #1
    Join Date
    Sep 2009
    Location
    UK
    Posts
    310

    Default user password being save in clear text

    I have set up my box to use ldap and I enter a users details in YaST
    and for the sake of simplicity I make the password 123456
    The user gets created on the ldap server and everything seems Ok
    However I can't log in as that user and if I go to the ldap
    browser the password is in plain text Instead of saying
    {ssha}i345y9345yr34 or whatever is says {exop}123456

    What have I done wrong ?

    Ta

    M

  2. #2
    Join Date
    Sep 2009
    Location
    UK
    Posts
    310

    Default Re: user password being save in clear text

    Forget this one. You have to add the configuration modules in the Ldap client bit for opensuse that Novel Suse does for you

  3. #3

    Default Re: user password being save in clear text

    thought I would expand on the 03/28/2011 post since it helped me with the same problem.

    in Yast under LDAP Client
    "Advanced Options" button
    "Administration Settings" tab
    check "Create Default Configuration Objects"
    click OK twice

    This will create the default attributes and templates used by SuSE to add, access, and maintain users via LDAP through YaST.
    Any new LDAP users added through YaST will be added to your LDAP database under "people"

    I think you only run into this issue if you skip the LDAP option when first installing SuSE.
    Like a lot of other newbies I did not know enough about LDAP to choose that SuSE install option.

    Notes:
    Only needs to be run once per LDAP database used for user authentication.
    if you decide to change the name of your database (base DN) (i.e. create a new database) because you have learned more about LDAP then you have to run the option on the new database.
    You need to run the option before you add LDAP users through YaST.
    If not, they will disappear from the user list in YaST when you run the option and you will have to re-add them.
    The users added before running the option will be in the database but not under "people" and their passwords will be clear text.

    The problem I was having that brought me to this post was I could run ldapsearch using the admin CN but not with any of the LDAP users I created with YaST.
    I would get the infamous "Invalid Credentials" error.
    All my users had the clear text {exop}secret in the UserPassword attribute of the LDAP database.
    If I changed the "Password Change Protocol" to crypt in the LDAP Client module of YaST everything worked fine. (after resetting the password for the user in user maintenance) but if I changed the Protocol back to exop the Credential error repeated.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •