
How To Fix RHEL / CentOS 6.4 LDAP MD5 Cert Error

Recently we updated to the latest RHEL 6.4, which caused LDAP to stop using our MD5-signed certificate. This was due to the nss-3.14.0 update, which now deems MD5 insecure. This change caused authentication of users using LDAP to fail. If the account had a local password (such as root), they were able to log in.

Since creating / updating the MD5 certificate was not an immediate solution for us, we had to find a way to use what we have while we work on a permanent solution. Here are a few of the workarounds.

Option 1

The first option involves modifying each kernel line in /etc/grub.conf to add support for MD5, as well as creating a file in /etc/profile.d that exports this variable. In our situation this option did not work, but for others on the Internet it worked.

In /etc/grub.conf, add to the end of each kernel line:
systemd.setenv=NSS_HASH_ALG_SUPPORT=+MD5

Create /etc/profile.d/nss.sh
export NSS_HASH_ALG_SUPPORT=+MD5

Reboot the server

Option 2

The second option adds the export line to /etc/sysconfig/init. This option worked for allowing users to connect via ssh, but it did not allow authentication when accessing via a console, such as the Open Console option in vSphere.

Add to /etc/sysconfig/init
export NSS_HASH_ALG_SUPPORT=+MD5

Reboot the server

Option 3

The third option involves downgrading nss packages to 3.13 and adding an exclusion in /etc/yum.conf to not allow an update to nss 3.14 or higher. This was the option that worked for our situation.

You will need to downgrade nss, nss-tools, nss-sysinit and nss-util.

yum downgrade nss nss-tools nss-sysinit nss-util

Next open /etc/yum.conf and add / change:

exclude=nss*

Reboot the server
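
To keep track of which hosts still carry one of these workarounds while the certificate is being replaced, the following added example (not part of the original post) checks for each of the three. The function name, the output labels and the optional ROOT argument are assumptions made for illustration.

```bash
# Added example: report which of the three MD5 workarounds are present
# under a filesystem root (default: the live system), so they can be
# removed once the LDAP certificate is reissued with a stronger hash.
# Usage: find_md5_workarounds [ROOT]   (ROOT is a hypothetical test hook)
find_md5_workarounds() {
    local root f hits
    root="${1:-}"
    hits=0

    # Option 1: variable passed on a kernel line in grub.conf
    f="$root/etc/grub.conf"
    if [ -r "$f" ] && grep -Eq \
        '^[[:space:]]*kernel[[:space:]].*NSS_HASH_ALG_SUPPORT=[^[:space:]]*[+]MD5' "$f"
    then
        echo "grub-kernel-arg: $f"; hits=$((hits + 1))
    fi

    # Options 1 and 2: variable exported from profile.d or sysconfig/init
    for f in "$root"/etc/profile.d/*.sh "$root/etc/sysconfig/init"; do
        [ -r "$f" ] || continue   # also skips an unmatched glob
        if grep -Eq \
            '^[[:space:]]*(export[[:space:]]+)?NSS_HASH_ALG_SUPPORT=[^#]*[+]MD5' "$f"
        then
            echo "env-export: $f"; hits=$((hits + 1))
        fi
    done

    # Option 3: nss packages excluded from updates in yum.conf
    # (commented-out lines and names that merely contain "nss" are ignored)
    f="$root/etc/yum.conf"
    if [ -r "$f" ] && grep -Eq \
        '^[[:space:]]*exclude[[:space:]]*=(.*[,[:space:]])?nss' "$f"
    then
        echo "yum-exclude-nss: $f"; hits=$((hits + 1))
    fi

    # Exit status 0 when at least one workaround was found, 1 otherwise
    [ "$hits" -gt 0 ]
}
```

Source the file and call `find_md5_workarounds` with no argument to check the running system; each line of output names the workaround and the file that contains it.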

I hope one of these options helps you in your situation.

Life of a Geek Admin