[cups] authentication of Linux users against /etc/shadow *and* LDAP

Matthias Apitz guru at unixarea.de
Thu Sep 28 22:34:26 PDT 2017


On Thursday, September 28, 2017 at 01:31:40 PM -0400, Michael Sweet wrote:

> You want to update the /etc/nsswitch.conf file to tell the C library where to get the groups and users.
> 

Michael,


The file /etc/nsswitch.conf has:

passwd: compat ldap
group:  compat ldap
shadow: compat ldap

The C-call:

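    /* needs <shadow.h> and <stdio.h>; spw is a struct spwd * */
    spw = getspnam("sisis");
    endspent();
    if (spw != NULL)    /* NULL when no configured source has an entry */
        printf("sisis: %s\n", spw->sp_pwdp);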

looks first into the file /etc/shadow, where the given
user 'sisis' has no entry, and then chats
with the LDAP server, which does not deliver any hash of
the password, and spw->sp_pwdp is set to "*" (which makes the comparison of
the hash of what the user provides as password in CUPS fail):

connect(3, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("10.23.5.48")}, 16) = -1 EINPROGRESS (Operation now in progress)
write(3, "09\2\1\1`4\2\1\3\4%uid=hostBind,ou=manage,dc=XXXX,dc=org\200\10jetplane", 59) = 59
read(3, "0\f\2\1\1a\7\n", 8)            = 8
read(3, "\1\0\4\0\4\0", 6)              = 6
write(3, "0\201\311\2\1\2c\201\303\4\16dc=XXXX,dc=org\n\1\2\n\1\0\2\1\1\2\1\n\1\1\0\240,\243\34\4\vobjectClass\4\rshadowAccount\243\f\4\3uid\4\5sisis0t\4\3uid\4\fuserPassword\4\20shadowLastChange\4\tshadowMax\4\tshadowMin\4\rshadowWarning\4\16shadowInactive\4\fshadowExpire\4\nshadowFlag", 204) = 204
read(3, "0Q\2\1\2dL\4", 8)              = 8
read(3, "\"uid=sisis,ou=people,dc=XXXX,dc=org0&0\24\4\tshadowMax1\7\4\005999990\16\4\3uid1\7\4\5sisis", 75) = 75
read(3, "0\f\2\1\2e\7\n", 8)            = 8
read(3, "\1\0\4\0\4\0", 6)              = 6
write(1, "sisis: *\n", 9)               = 9

-- 
Matthias Apitz, ✉ guru at unixarea.de, ⌂ http://www.unixarea.de/  ☎ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
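
As an added example (not part of the original post and not CUPS code), this C program classifies the sp_pwdp string that getspnam() returns, showing why a value such as the "*" in the trace above can never match a hash comparison. The names classify_pwdp, pw_kind and kind_name are hypothetical; the classification follows the conventions described in shadow(5).

```c
#include <shadow.h>
#include <stdio.h>
#include <string.h>

enum pw_kind { PW_NOENTRY, PW_EMPTY, PW_LOCKED, PW_PLACEHOLDER, PW_HASH };

/* Classify an sp_pwdp string following the conventions in shadow(5). */
enum pw_kind classify_pwdp(const char *p)
{
    static const char des_set[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    if (p == NULL)  return PW_NOENTRY;     /* getspnam() found nothing */
    if (*p == '\0') return PW_EMPTY;       /* no password required */
    if (*p == '!')  return PW_LOCKED;      /* locked password */
    if (*p == '$') {                       /* modular crypt: $id$...$hash */
        const char *second = strchr(p + 1, '$');
        const char *third = second ? strchr(second + 1, '$') : NULL;
        if (third && second > p + 1 && strrchr(p, '$')[1] != '\0')
            return PW_HASH;
        return PW_PLACEHOLDER;
    }
    if (strlen(p) == 13 && strspn(p, des_set) == 13)
        return PW_HASH;                    /* traditional DES crypt */
    return PW_PLACEHOLDER;                 /* "*", "x", ...: not a crypt result */
}

const char *kind_name(enum pw_kind k)
{
    static const char *const names[] = {
        "no shadow entry returned",
        "empty field (no password required)",
        "locked password",
        "placeholder, no hash available to compare against",
        "password hash present",
    };
    return names[k];
}

int main(int argc, char **argv)
{
    /* "sisis" is the account from the post; pass another name as argv[1]. */
    const char *user = argc > 1 ? argv[1] : "sisis";
    struct spwd *spw = getspnam(user);     /* uses the shadow: line of nsswitch.conf */
    enum pw_kind k = classify_pwdp(spw ? spw->sp_pwdp : NULL);

    endspent();
    printf("%s: %s\n", user, kind_name(k));
    return k == PW_HASH ? 0 : 1;
}
```

Reading local /etc/shadow entries normally requires root, so an unprivileged run reports "no shadow entry returned" for local accounts.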

