[Date Prev][Date Next] [Chronological] [Thread] [Top]

krb5PrincipalName and userPassword

I've just been playing with the ppolicy overlay and noticed
that I wasn't locked out! Took a while to figure out, but I
was only locked out if I was using a simple bind!

I've always used:

     userPassword: {SASL}turbo@INT.DOMAIN.TLD
     krb5PrincipalName: turbo@INT.DOMAIN.TLD

But before testing ppolicy, I changed the userPassword
to '{MD5}Xr4ilOzQ4PCOq3aQ0qbuaQ==' (=> 'secret').

I always thought that these two went hand in hand, but
my tests now shows that they are not. Is this so?!

Can this have something to do with my sasl-regexp?

----- s n i p -----
----- s n i p -----

So the result of this is that I can have one password
for simple binds and one for SASL binds... Not a bad
thing, but still...

Is it possible to apply the ppolicy on SASL binds?