Prompt users with expired passwords to enter a new one LDAP + PAM

Hello Folks!

System: CentOS 5.4

I use OpenLDAP as backend and PAM for virtualmin+usermin+webmin. All works fine except when the password has aged and a new one is prompted when logging in to usermin.

This is what is shown:

               Failed to change password : PAM error : LDAP Password incorrect: try again

It is possible to change password as logged in user in usermin or webmin and from unix command line, also admin can change password for other users.

When logging in using ssh, the user gets prompted and can successfully change password and thereafter login with new password.

I have tried using the same pam-file settings for usermin as ssh, it did not help.

cat /etc/pam.d/usermin
#%PAM-1.0
auth include system-auth
account include system-auth
session include system-auth
password include system-auth

cat /etc/pam.d/sshd
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so

cat /etc/pam.d/system-auth
#%PAM-1.0

# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

auth required pam_env.so
auth sufficient pam_ldap.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet

account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so

password requisite pam_cracklib.so try_first_pass retry=3
password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok
# added use_authok use_first_pass
password sufficient pam_ldap.so use_first_pass
password required pam_deny.so

session required pam_limits.so
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session required pam_unix.so
auth required pam_deny.so
account sufficient pam_ldap.so
session sufficient pam_ldap.so

Anyone who knows?

Regards //
// Peter Steen

Hello Folks!

I also noted shadowLastChange is not updated when using the command line API variants for changing passwords.

It works from the GUI in all aspects and from command line using passwd command.

It looks more and more like a bug in virtualmin commands.

Please advise.