[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5766) smbkrb5 overlay doesn't honour kerberos principal expiration

To: openldap-its@OpenLDAP.org
Subject: (ITS#5766) smbkrb5 overlay doesn't honour kerberos principal expiration
From: Guillaume.Rousse@inria.fr
Date: Wed, 22 Oct 2008 10:45:41 GMT

Full_Name: Guillaume Rousse
Version: 2.4.11
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (193.55.250.67)


When using the smbkrb5 overlay, the {K5KEY} password can be used to make
autentication use kerberos credentials.

However, this redirection doesn't honour krb5ValidEnd or sambaKickoffTime
attribute, positionned by either heimdal or smbkrb5 overlay when setting an
expiration date to the kerberos principal. Whereas kdc refuses to provides a
ticket for the user, openldap still allows the user to authenticate.

Prev by Date: RE: (ITS#5765) Can not set log file with configdb
Next by Date: (ITS#5767) ppolicy doesn't recognize the smbkrb5-specific {K5KEY} storage scheme
Index(es):
- Chronological
- Thread