we've got a serious problem concerning changing a password with PAM and LDAP as userdata backend. We are using Novell SLES 9 SP 2 and Kerio Mailserver 6.1.2 and as mentioned everything works great except changing a password. Doing this on the linux prompt with 'passwd' works well, too.
A similar problem should be fixed since KMS v6.1.1 (form changelog: "- User with Linux PAM authentication could not change his password") but now with v6.1.2 there is no way for a user to change its own password.
As mentioned authentication works great with Webmail, Kerio Outlook Connector and on the linux prompt. But changing a user's password with the Webmail interface results in the following error message:
"New password is invalid"
The server logs the following in /var/log/messages:
Dec 16 16:14:52 linux mailserver: pam_ldap: error trying to bind as user "uid=<username>,ou=<org_unit>,dc=<ourdomain>,dc=<com> " (Invalid credentials)
Dec 16 16:14:52 linux last message repeated 2 times
Dec 16 16:14:52 linux mailserver: pam_ldap: error getting old authentication token (No module specific data is present)
In mailserver's warning-log says:
[16/Dec/2005 16:14:52] PAM failed setting new password for user <username> with Authentication failure
Quite strange is the behaviour when trying to set the new user password to its old. If you access the password-change-interface and provide the old password three times (in the fields: old pw, new pw, confirm new pw) a success message is returned and (of course) nothing is changed...
Does anyone has an idea what is going wrong?
Kerio discussion forums are intended for open communication between forum
members and may contain information and material posted by members which may
be useful in learning about Kerio products. The discussion forums are not
intended to provide technical support for any specific product. Any
information implied or expressed in the discussion forums is that of the
posting member. Kerio is in no way responsible for the information posted in
the forums, or its accuracy. Kerio employees may participate in the
discussions, but their postings do not represent an offical position of the
company on any issues raised or discussed. Kerio reserves the right to
monitor and maintain the forums to promote free and accurate exchange of