I have an OpenSolaris machine here; I'm using it for the first time because I want to try out ZFS. ZFS itself is working great, but I cannot get OpenSolaris to authenticate against our OpenLDAP directory running on Linux with MD5 or SHA passwords; only crypt passwords work. I'd prefer not to have to use crypt passwords; is there some magic setting I'm missing that will enable MD5 passwords to authenticate?
UNIX LDAP authentication via PAM can happen via two different modules.
The default (at least for *Solaris) is pam_unix, where the OS will actually pull back the passwords stored in LDAP and do a local comparison. In this case, the host OS has to understand the hash method, which is why crypt passwords work but the other hash types don't.
The other mechanism, which I think you need, is pam_ldap, where the task of validating the password is completely passed to the LDAP server. In that case, as long as the LDAP server understands how to do the comparison, you are fine.
The man page for pam_ldap will go into more detail.
You can find an example pam.conf using pam_ldap for OpenSolaris at: http://docs.oracle.com/cd/E19082-01/819-3194/schemas-111/index.html
Note: always make sure you are keeping a spare root window open when testing PAM changes, since it is easy to accidentally break authentication.
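The difference between the two modules described in the answer above, as an added example that is not part of the original post: it audits `userPassword` values to show which ones a local, pam_unix-style comparison can handle and reproduces the comparison the directory performs for the standard OpenLDAP digest schemes. The sample entries, the function names and the rule that only `{CRYPT}` values are host-comparable are assumptions taken from the answer's description.

```python
import base64
import hashlib
import hmac

# Digest name and digest length for the OpenLDAP userPassword schemes handled here.
SCHEMES = {"MD5": ("md5", 16), "SMD5": ("md5", 16), "SHA": ("sha1", 20), "SSHA": ("sha1", 20)}

def scheme_of(user_password: str) -> str:
    """Return the scheme tag of a userPassword value, e.g. 'SSHA' for '{SSHA}...'."""
    if user_password.startswith("{") and "}" in user_password:
        return user_password[1:user_password.index("}")].upper()
    return "CLEARTEXT"

def host_can_compare(user_password: str) -> bool:
    """pam_unix path (assumption from the answer): only crypt(3) strings compare locally."""
    return scheme_of(user_password) == "CRYPT"

def directory_compare(user_password: str, candidate: str) -> bool:
    """pam_ldap path: the comparison the directory does for digest-based schemes."""
    scheme = scheme_of(user_password)
    if scheme not in SCHEMES:
        raise ValueError(f"scheme {scheme} not handled in this example")
    algo, size = SCHEMES[scheme]
    raw = base64.b64decode(user_password[user_password.index("}") + 1:])
    digest, salt = raw[:size], raw[size:]  # salt is empty for MD5 and SHA
    expected = hashlib.new(algo, candidate.encode() + salt).digest()
    return hmac.compare_digest(digest, expected)

def make_value(scheme: str, password: str, salt: bytes = b"") -> str:
    """Build a constructed sample value for the demo below."""
    algo, _ = SCHEMES[scheme]
    digest = hashlib.new(algo, password.encode() + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

# Constructed sample entries (not real accounts); the CRYPT string is a placeholder.
SAMPLES = {
    "alice": make_value("MD5", "correct horse"),
    "bob": make_value("SSHA", "correct horse", b"\x01\x02\x03\x04"),
    "carol": "{CRYPT}xxPLACEHOLDERx",
}

def audit(entries):
    """Map uid -> which PAM module can authenticate the entry as stored."""
    return {uid: "pam_unix or pam_ldap" if host_can_compare(v) else "pam_ldap only"
            for uid, v in entries.items()}

if __name__ == "__main__":
    for uid, verdict in audit(SAMPLES).items():
        print(uid, scheme_of(SAMPLES[uid]), verdict)
```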