Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

LDAP password question

1 view
Skip to first unread message

Ramon Frontera

unread,
Oct 10, 2008, 1:44:24 PM10/10/08
to
Hello,

we're running:

%PMDF-I-VERSION, PMDF version is PMDF V6.3
hp AlphaServer GS1280 7/1300 running OpenVMS Alpha V8.3
PMDF_SHARE_LIBRARY version V6.3-x13; linked 00:12:58, Aug 26 2007

We have the OpenVMS authentication method with LDAP. We use the
ExtAuth flag.

When we do a telnet connection to the server the password is case
sensitive.

In the pmdf_table:security.cnf we have:

[RULESET=default]
ENABLE=SYSTEM/PLAIN,LOGIN/*

But the PMDF clients authentication is not case sensitive.
OpenVMS synchronizes the system password with LDAP password.
It seems that PMDF tries to authenticate by LDAP and then with the
OpenVMS system password.

If you change the password in the OpenVMS system password (sysuaf),
the password now is case sensitive.

Do you now the reasson???

Thanks in advance

Regards,

------------------------------------------
Ramon Frontera Gallardo
Centre de Tecnologies de la Informació
Universitat de les Illes Balears
Ctra. Valldemossa km 7,5
07122 Palma de Mallorca
E-mail: Ramon.f...@uib.es
------------------------------------------







Valerie Miller

unread,
Oct 10, 2008, 1:52:04 PM10/10/08
to
>In the pmdf_table:security.cnf we have:
>
>[RULESET=default]
>ENABLE=SYSTEM/PLAIN,LOGIN/*

You have not listed LDAP as an authentication source in this ENABLE option, so
PMDF is not checking for the username/password in LDAP. Since you only have
SYSTEM listed as an authentication source (LOGIN points to SYSTEM), PMDF is
only using the VMS SYSUAF to verify the username/password. (If there is some
way to configure VMS itself to check LDAP when the SYSUAF is queried, and you
have configured that, then it is VMS doing that, not PMDF.)


>If you change the password in the OpenVMS system password (sysuaf),
>the password now is case sensitive.

I don't know if this is what you are seeing, but in VMS 8.3, there is an
available flag in SYSUAF called PWDMIX which enables case-sensitive passwords.
(See help in authorize for more information.)

Ken Connelly

unread,
Oct 10, 2008, 2:17:15 PM10/10/08
to
PWDMIX is also available in 7.3-2 after applying some patch (exactly
which patch escapes my memory at the moment).

- ken

--
- Ken
=================================================================
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: Ken.Co...@uni.edu p: (319) 273-5850 f: (319) 273-7373

Ramon Frontera

unread,
Oct 15, 2008, 6:05:59 AM10/15/08
to
Hello,

Thanks for your help!
I was confused because without PWDMIX flag, the telnet connection is
Case sensitive.

Regards,
------------------------------------------
Ramon Frontera Gallardo
Centre de Tecnologies de la Informació
Universitat de les Illes Balears
Ctra. Valldemossa km 7,5
07122 Palma de Mallorca
E-mail: Ramon.f...@uib.es
------------------------------------------







0 new messages