[Date Prev][Date Next]
Re: Kerberos with LDAP backend: password sync
On 21/07/11 00:39 +0300, Nick Milas wrote:
Such a setup is meant to continue to allow the standard PLAIN auth
over TLS/SSL (directly by LDAP) in some applications and provide
Kerberos authentication in others, based on the same user/password
database (stored and maintained in LDAP). [I know that in many
environments, userPassword and krbPrincipalKey are deliberately
Is there a way to automatically populate (either internally, via LDAP
configuration, or externally, by running - for example - an external
script) the values of krbPrincipalName and krbPrincipalKey
attributes, so that these values can be produced by the values of the
currently used attributes (uid, userPassword, including possibly
others.)? This would allow initial creation of values for the above
attributes using the same password value.
within the source.