RHEL/CentOS 6.4 LDAP MD5 Certificate Error Caused by NSS 3.14 Update
After a recent update to the latest RHEL 6.4, an issue arose that caused LDAP to stop using our MD5-signed certificate. This was due to the nss-3.14.0 update, which now treats MD5 as insecure. The change caused LDAP authentication of users to fail. Accounts that had a local password (such as root) were still able to log in.
Since creating or updating the MD5 certificate was not an immediate solution, we had to find a way to keep using the current certificate until a new one was generated. Here are a few of the workarounds.
The first option involves modifying each kernel line in /etc/grub.conf to add support for MD5, as well as creating a file in /etc/profile.d that exports this variable. This option did not work in our situation, but others on the internet have reported that it worked.
Add in /etc/grub.conf to the end of kernel lines:
Reboot the server.
The second option adds the export option to /etc/sysconfig/init. This option allowed users to connect via SSH, but it did not allow authentication when logging in at a console, such as the Open Console option in vSphere.
Add to /etc/sysconfig/init
Reboot the server.
The third option involves downgrading nss packages to 3.13 and adding an exclusion in /etc/yum.conf to not allow an update to nss 3.14 or higher. This was the option that worked for our situation.
You will need to downgrade nss, nss-tools, nss-sysinit and nss-util:
$ sudo yum downgrade nss nss-tools nss-sysinit nss-util
Next open /etc/yum.conf and add/change:
Reboot the server.
All three options are only temporary. Eventually, updates to any packages that require nss 3.14 or higher cannot be applied until a new certificate is created.
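To see in advance which certificates would be rejected by nss 3.14, the following added example (not part of the original post) reads each certificate's signature algorithm with `openssl x509` and flags MD5-based ones. The function names and the placeholder path in the comments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): report certificates signed
# with MD5, which NSS 3.14 and later reject.

# Read `openssl x509 -noout -text` output on stdin and print the first
# "Signature Algorithm" value, with trailing whitespace removed.
sig_alg_from_text() {
    awk -F': *' '/Signature Algorithm:/ { gsub(/[ \t\r]+$/, "", $2); print $2; exit }'
}

# Map an algorithm name to a verdict: MD5, OK, or UNREADABLE (empty name).
verdict_for_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        "")    echo UNREADABLE ;;
        md5*)  echo MD5 ;;
        *)     echo OK ;;
    esac
}

# Print "<verdict> <file> <algorithm>" for one PEM certificate file.
# Only the first certificate in a bundle is inspected.
check_cert() {
    alg=$(openssl x509 -in "$1" -noout -text 2>/dev/null | sig_alg_from_text)
    echo "$(verdict_for_alg "$alg") $1 ${alg:-unknown}"
}

# Check every file given as an argument; return 1 if any is MD5-signed.
scan_certs() {
    rc=0
    for f in "$@"; do
        line=$(check_cert "$f")
        echo "$line"
        case "$line" in MD5\ *) rc=1 ;; esac
    done
    return $rc
}

# Run only when files are given, for example (placeholder path):
#   sh check_md5.sh /path/to/ldap-ca.pem
[ "$#" -eq 0 ] || scan_certs "$@"
```

A non-zero exit status means at least one of the listed files is MD5-signed and needs to be reissued with a stronger hash before the workarounds above can be dropped.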
This work by unixmen.com is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Copyright © 2008-2013 Unixmen.com .