[Date Prev][Date Next]
Re: (ITS#5234) Feature request: mit-kr5 support in smbk5pwd
> Full_Name: Matthias Nagl
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (188.8.131.52)
> The current stable version of mit-krb5 (http://web.mit.edu/Kerberos/) seems to
> have a much better support for LDAP-Backends than Heimdal. Sadly the
> smbk5pwd-overlay currently won't support password synchronization with the new
> MIT-schema. It would be great if smbk5pwd could be extended to work with the new
You're welcome to submit a patch to provide the necessary support.
I'll note that the MIT schema is deficient in a number of areas too; we're
looking at writing up an IETF Draft defining a more comprehensive schema that
can be used by both MIT and Heimdal going forward.
As a total aside, the MIT code's stability leaves a lot to be desired. I won't
deploy it on any of my networks because I've seen it crash too many times. In
contrast, I've deployed Heimdal at numerous sites and never had to fuss with
it, it just works. Your Mileage May Vary, just relating my personal experience
accumulated over several years.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/