This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author dmalcolm
Recipients dmalcolm, halfie
Date 2012-05-08.15:58:33
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1336492714.38.0.953778114728.issue14748@psf.upfronthosting.co.za>
In-reply-to
Content 
Like passwd and group information, the shadow password entries are pulled through libc's Name Service Switch and modules for it, depending on configuration.

See "man nsswitch.conf".

Hence this is likely to be a configuration difference between the two boxes.  Some notes from one of my Red Hat colleagues:
* Is a module listed in /etc/nsswitch.conf so that it'll be used to look
  up "shadow" information?
* Does the module support looking up shadow information?
  The libnss_ldap.so.2 stub from nss-pam-ldapd does; SSSD (at least
  version 1.8.3) doesn't.
* Are there shadowAccount entries in the directory server?
  An IPA server won't have them, because IPA makes use of the directory
  server's built-in password policy functionality to avoid depending on
  clients to enforce aging policies.
* Is the client performing the lookup authorized to read the shadow data
  from the directory server?
* Does the client perform any additional access control?
  The daemon in nss-pam-ldapd only exposes shadow information to
  processes running as UID 0.
etc

Hope this is helpful
History
Date User Action Args
2012-05-08 15:58:34dmalcolmsetrecipients: + dmalcolm, halfie
2012-05-08 15:58:34dmalcolmsetmessageid: <1336492714.38.0.953778114728.issue14748@psf.upfronthosting.co.za>
2012-05-08 15:58:33dmalcolmlinkissue14748 messages
2012-05-08 15:58:33dmalcolmcreate