[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

On Thursday, October 16, 2003, at 07:50 AM, Frank Swasey wrote:

Funny.  RedHat has been compiling using --with-kerberos=k5only
--enable-kpasswd and it doesn't have any trouble compiling.  It works.
It solves a lot of problems.  Please enumerate the problems it causes.

I've never had any problems, either configuring or compiling, this option. We use RedHat but build OpenLDAP from source.

We've had this argument about the usefulness of {KERBEROS} password
checking before.  If you really are going to remove this VERY useful
feature of OpenLDAP, you're removing the major reason I chose to use
openLDAP here at UVM.  I cannot rewrite all the clients that are
authenticating against LDAP/ssl instead of Kerberos just because you
claim without any proof that this feature is broken.

Add my vote to keep it. We use it, heavily. We've found too many clients either don't handle SASL or don't handle the GSSAPI mechanism. Doing a simple bind over ssl/tls and providing a kerberos password is a great alternative. We're not interested in doing having passwords anywhere but in Kerberos.