aru Posted May 1, 2003 Report Share Posted May 1, 2003 MandrakeSoft Bugfix Advisory MDKA-2003:009 : openldap May 1st, 2003 Updated openldap packages fix multiple bugs The OpenLDAP packages in Mandrake Linux 9.1 did not properly migrate data from previous versions. This update provides a fix that corrects this issue. The updated packages also correct a problem that has been persistent in Mandrake Linux for some time. Previously, attempting to use OpenLDAP for authentication would result in strange system behaviour because OpenLDAP was using a MD5 hash internally that was incompatible with the system crypt(3) MD5 hash. This would result in authentication working with nss_ldap, but not with pam_ldap. If one used ldappasswd to change a password, authentication would work with pam_ldap but not nss_ldap. The OpenLDAP packages have been updated to use the crypt(3) MD5 hash at all times. As well, if OpenLDAP was used for authentication on Mandrake Linux 9.1, sshd would segfault when attempting to login as an LDAP user. The new pam_ldap and nss_ldap packages correct this problem. WARNING: Users who are currently using pam_ldap with OpenLDAP, and who have used ldappasswd to change user passwords may have the MD5 hash that is not compatible with crypt(3) used to store the userPassword. If this is the case, updating to these packages may require you to, as root, change the password for each user with a now incompatible password. The released versions of Mandrake GNU/Linux affected are: 8.2 [*] 8.2/PPC [*] 9.0 [*] 9.1 [*] 9.1/PPC [*] Multi Network Firewall 8.2 [*] Corporate Server 2.1 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2003:009 Posted automatically by aru (mdksec2mub v0.0.5) Link to comment Share on other sites More sharing options...
Recommended Posts