OpenLDAP
Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest

Viewing Software Enhancements/5234
Full headers

From: openldap2007@mnagl.de
Subject: Feature request: mit-kr5 support in smbk5pwd
Compose comment
Download message
State:
0 replies:
1 followups: 1

Major security issue: yes  no

Notes:

Notification:


Date: Wed, 14 Nov 2007 11:11:31 GMT
From: openldap2007@mnagl.de
To: openldap-its@OpenLDAP.org
Subject: Feature request: mit-kr5 support in smbk5pwd
Full_Name: Matthias Nagl
Version: 
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (137.248.132.104)


The current stable version of mit-krb5 (http://web.mit.edu/Kerberos/) seems to
have a much better support for LDAP-Backends than Heimdal. Sadly the
smbk5pwd-overlay currently won't support password synchronization with the new
MIT-schema. It would be great if smbk5pwd could be extended to work with the new
mit-krb5.


Followup 1

Download message
Date: Wed, 14 Nov 2007 06:07:47 -0800
From: Howard Chu <hyc@symas.com>
To: openldap2007@mnagl.de
CC: openldap-its@openldap.org
Subject: Re: (ITS#5234) Feature request: mit-kr5 support in smbk5pwd
openldap2007@mnagl.de wrote:
> Full_Name: Matthias Nagl
> Version:
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (137.248.132.104)

> The current stable version of mit-krb5 (http://web.mit.edu/Kerberos/) seems
to
> have a much better support for LDAP-Backends than Heimdal. Sadly the
> smbk5pwd-overlay currently won't support password synchronization with the
new
> MIT-schema. It would be great if smbk5pwd could be extended to work with
the new
> mit-krb5.

You're welcome to submit a patch to provide the necessary support.

I'll note that the MIT schema is deficient in a number of areas too; we're 
looking at writing up an IETF Draft defining a more comprehensive schema that 
can be used by both MIT and Heimdal going forward.

As a total aside, the MIT code's stability leaves a lot to be desired. I won't 
deploy it on any of my networks because I've seen it crash too many times. In 
contrast, I've deployed Heimdal at numerous sites and never had to fuss with 
it, it just works. Your Mileage May Vary, just relating my personal experience 
accumulated over several years.
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/


Up to top level
Build   Contrib   Development   Documentation   Historical   Incoming   Software Bugs   Software Enhancements   Web  

Logged in as guest


The OpenLDAP Issue Tracking System uses a hacked version of JitterBug

______________
© Copyright 2013, OpenLDAP Foundation, info@OpenLDAP.org