Password Problems on a Linux LDAP client bound to Mac OS X LDAP server

Smoot Carl-Mitchell smoot at tic.com
Wed Jan 7 19:24:51 UTC 2009


On Wed, 2009-01-07 at 06:06 -0500, Michael Peek wrote:

> Problem solved.  It's a PAM thing.  The solution is to edit 
> /etc/pam.d/common-* and make the following changes:

Good catch!  I was doing some research to try and figure out what was
going on, but did not think of this particular problem.  The underlying
issue is the pam_unix module is interacting with the nss ldap library.
I assume you have ldap enabled in nsswitch.conf.  What happens is the
passwd line gets looked up by the nss ldap library and returns the LDAP
entry which includes the hashed password.  If the hash is not the crypt
form, then the pam_unix authentication fails.  This is why
authentication using a crypt password worked.

-- 
Smoot Carl-Mitchell
System/Network Architect
smoot at tic.com
+1 480 922 7313
cell: +1 602 421 9005
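
An added example, not part of the original message: a small Python audit that labels LDAP `userPassword` values by whether they are in crypt(3) form, the form the reply above says pam_unix needs. The LDIF entries, names and hash values are constructed, and the format patterns are a simplified assumption about what counts as crypt form.

```python
import base64
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)    # "{SCHEME}value"
MCF_RE = re.compile(r"^\$[0-9a-z]+\$[./A-Za-z0-9$=,]+$")      # "$id$salt$hash"
DES_RE = re.compile(r"^[./A-Za-z0-9]{13}$")                   # traditional DES crypt

def is_crypt_form(value):
    """True if value looks like something crypt(3) produces (pattern check only)."""
    return bool(MCF_RE.match(value) or DES_RE.match(value))

def classify(value):
    """Label one userPassword value as 'crypt' or 'non-crypt:<scheme>'."""
    m = SCHEME_RE.match(value)
    if m:
        scheme, rest = m.group(1).upper(), m.group(2)
        if scheme == "CRYPT" and is_crypt_form(rest):
            return "crypt"
        return "non-crypt:" + scheme
    return "crypt" if is_crypt_form(value) else "non-crypt:unknown"

def audit(ldif):
    """Return {uid: label} for each LDIF entry with a userPassword (no line folding)."""
    results = {}
    for entry in ldif.strip().split("\n\n"):
        uid = pw = None
        for line in entry.splitlines():
            attr, _, val = line.partition(":")
            if val.startswith(":"):   # "attr:: <base64>"
                val = base64.b64decode(val[1:].strip()).decode("utf-8", "replace")
            else:
                val = val.strip()
            if attr.lower() == "uid":
                uid = val
            elif attr.lower() == "userpassword":
                pw = val
        if uid and pw is not None:
            results[uid] = classify(pw)
    return results

# Constructed sample entries; none of these values is a real credential.
SAMPLE = "\n\n".join([
    "dn: uid=alice,dc=example,dc=com\nuid: alice\n"
    "userPassword: {CRYPT}$1$Zx8kQ1aB$0123456789abcdefghijkl",
    "dn: uid=bob,dc=example,dc=com\nuid: bob\nuserPassword:: "
    + base64.b64encode(b"{SSHA}constructedNotARealDigest").decode(),
    "dn: uid=carol,dc=example,dc=com\nuid: carol\nuserPassword: ********",
])

if __name__ == "__main__":
    for uid, label in audit(SAMPLE).items():
        print(f"{uid}: {label}")
```

Accounts labelled `non-crypt:*` are the ones that would need an LDAP-aware PAM module rather than pam_unix to authenticate.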




More information about the ubuntu-users mailing list