
(ITS#5766) smbkrb5 overlay doesn't honour kerberos principal expiration

Full_Name: Guillaume Rousse
Version: 2.4.11
OS: Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

When using the smbkrb5 overlay, the {K5KEY} password can be used to make
authentication use kerberos credentials.

However, this redirection doesn't honour the krb5ValidEnd or sambaKickoffTime
attributes, positioned by either heimdal or the smbkrb5 overlay when setting an
expiration date on the kerberos principal. Whereas the kdc refuses to provide a
ticket for the user, openldap still allows the user to authenticate.
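
The expiry check the report says is skipped on a {K5KEY} bind, as an added example (not code from the report or from OpenLDAP). The function names are hypothetical; it assumes krb5ValidEnd holds a UTC GeneralizedTime string, sambaKickoffTime holds Unix seconds, and a sambaKickoffTime of 0 means no kickoff.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Days since 1970-01-01 for a Gregorian date (avoids non-portable timegm). */
static long long days_from_civil(int y, int m, int d)
{
    y -= (m <= 2);
    long long era = (y >= 0 ? y : y - 399) / 400;
    int yoe = (int)(y - era * 400);
    int doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Parse UTC GeneralizedTime "YYYYMMDDHHMMSSZ"; 0 on success, -1 if malformed. */
static int parse_gentime(const char *s, long long *out)
{
    int Y, M, D, h, mi, sec;
    if (strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int i = 0; i < 14; i++)
        if (!isdigit((unsigned char)s[i])) return -1;
    if (sscanf(s, "%4d%2d%2d%2d%2d%2d", &Y, &M, &D, &h, &mi, &sec) != 6)
        return -1;
    if (M < 1 || M > 12 || D < 1 || D > 31 || h > 23 || mi > 59 || sec > 60)
        return -1;
    *out = days_from_civil(Y, M, D) * 86400LL + h * 3600 + mi * 60 + sec;
    return 0;
}

/* 1 = refuse the bind, 0 = allow. NULL means the attribute is absent.
 * Malformed values fail closed. */
int account_expired(const char *krb5_valid_end, const char *samba_kickoff,
                    long long now)
{
    long long t;
    char *end;
    if (krb5_valid_end && (parse_gentime(krb5_valid_end, &t) != 0 || now > t))
        return 1;
    if (samba_kickoff) {
        t = strtoll(samba_kickoff, &end, 10);
        if (end == samba_kickoff || *end != '\0') return 1;
        if (t != 0 && now > t) return 1;   /* assumption: 0 = no kickoff */
    }
    return 0;
}

int main(void)
{   /* Constructed entry: principal expired 2009-01-01 00:00:00 UTC. */
    printf("%d\n", account_expired("20090101000000Z", "1230768000", 1230768001LL));
    return 0;
}
```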