[Date Prev][Date Next] [Chronological] [Thread] [Top]

kpasswd missing in action?

To: OpenLDAP software list <openldap-software@OpenLDAP.org>
Subject: kpasswd missing in action?
From: Michael Torrie <torriem@chem.byu.edu>
Date: Fri, 30 Sep 2005 12:04:57 -0600

Is there any way to restore the kpasswd binding function to openldap?  I
realize that ideally sasl or kerberos binds directly are the way to go,
but unfortunately I can't do that for the majority of web applications
(most of which are 3rd party) that need to do ldap binds for
authentication.  Without kpasswd support I am forced to put the
userPassword hashes directly in the ldap database itself, which is a
security problem.  At least with the old {kerberos}username@DOMAIN
notation, even though the bind itself might have security implications I
wouldn't need to put the password itself in the database.

Is there a way to accomplish simple binding from these dumb 3rd party
apps with kerberos support?
-- 
Michael Torrie <torriem@chem.byu.edu>

Follow-Ups:
- Re: kpasswd missing in action?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: kpasswd missing in action?
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: chain + rebind-as-user
Next by Date: Re: kpasswd missing in action?
Index(es):
- Chronological
- Thread