Jim Seymour
2016-10-19 15:44:10 UTC
Hi There,
I hope this is the Right Place. Don't know if this is a bug, a known
incompatibility issue or a configuration error. I've searched and
searched and have not been able to determine that.
System: Ubuntu 14.04.5 LTS
OpenLDAP: 2.4.31
CVS: 1.12.13
We're using OpenLDAP, via PAM, for user credentials. Some users can log
on to the system just fine. But, if they try to:
$ export CVSROOT=':pserver:***@somehost.example.com:/prj/cvshome'
$ cvs login
Logging in to :pserver:***@somehost.example.com:2401/prj/cvshome
CVS password:
cvs login: authorization failed: server somehost.example.com
rejected access to /prj/cvshome for user somebody
Other users worked just fine. I figured out why it worked for some, but,
not for others: Password encryption type.
Many users have {CRYPT}-encrypted passwords. Newer users are
{SSHA}-encrypted. If I take a user whose cvs login is failing, *manually*
generate a {CRYPT}-encrypted password and emplace it using ldapmodify:
They're in.
Can anybody tell me what's going on and how I can fix it, short of
switching our OpenLDAP password storage back to the inferior {CRYPT}
encryption?
Thanks,
Jim
I hope this is the Right Place. Don't know if this is a bug, a known
incompatibility issue or a configuration error. I've searched and
searched and have not been able to determine that.
System: Ubuntu 14.04.5 LTS
OpenLDAP: 2.4.31
CVS: 1.12.13
We're using OpenLDAP, via PAM, for user credentials. Some users can log
on to the system just fine. But, if they try to:
$ export CVSROOT=':pserver:***@somehost.example.com:/prj/cvshome'
$ cvs login
Logging in to :pserver:***@somehost.example.com:2401/prj/cvshome
CVS password:
cvs login: authorization failed: server somehost.example.com
rejected access to /prj/cvshome for user somebody
Other users worked just fine. I figured out why it worked for some, but,
not for others: Password encryption type.
Many users have {CRYPT}-encrypted passwords. Newer users are
{SSHA}-encrypted. If I take a user whose cvs login is failing, *manually*
generate a {CRYPT}-encrypted password and emplace it using ldapmodify:
They're in.
Can anybody tell me what's going on and how I can fix it, short of
switching our OpenLDAP password storage back to the inferior {CRYPT}
encryption?
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.