RHBA-2004:533 - Bug Fix Advisory

Topic

An updated nss_ldap package that fixes a bug in pam_ldap is now available.

Description

The nss_ldap module is a set of C library extensions that allow
applications to consult X.500 and LDAP directory servers for information
that would conventionally be stored in local files or distributed using NIS.

The pam_ldap module allows PAM-enabled applications to authenticate users
using a directory server.

When the pam_ldap module attempts to change a user's password by connecting
to a replica server, the replica server returns a referral record. This in
turn directs the client to make the change on a server which contains a
writable copy of an entry which corresponds to the user. If the entry is a
shadowAccount object, pam_ldap will attempt to modify the entry's
shadowLastChanged attribute to hold the current date. Previously, when the
module attempted to authenticate to the server to make this change, it
would attempt to authenticate using the user's previous password, so the
change would fail to be made.

All users of nss_ldap should upgrade to this updated package, which
resolves these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Server 2 i386
• Red Hat Enterprise Linux Workstation 2 ia64
• Red Hat Enterprise Linux Workstation 2 i386

Fixes

• BZ - 120523 - [patch] updateref not updating shadowLastChange from slave to master

CVEs

(none)

References

(none)