[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5234) Feature request: mit-kr5 support in smbk5pwd

openldap2007@mnagl.de wrote:
> Full_Name: Matthias Nagl
> Version:
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (

> The current stable version of mit-krb5 (http://web.mit.edu/Kerberos/) seems to
> have a much better support for LDAP-Backends than Heimdal. Sadly the
> smbk5pwd-overlay currently won't support password synchronization with the new
> MIT-schema. It would be great if smbk5pwd could be extended to work with the new
> mit-krb5.

You're welcome to submit a patch to provide the necessary support.

I'll note that the MIT schema is deficient in a number of areas too; we're 
looking at writing up an IETF Draft defining a more comprehensive schema that 
can be used by both MIT and Heimdal going forward.

As a total aside, the MIT code's stability leaves a lot to be desired. I won't 
deploy it on any of my networks because I've seen it crash too many times. In 
contrast, I've deployed Heimdal at numerous sites and never had to fuss with 
it, it just works. Your Mileage May Vary, just relating my personal experience 
accumulated over several years.
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/