[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos with LDAP backend: password sync



On 21/7/2011 8:50 ÏÎ, Michael StrÃder wrote:

Dan White wrote:


See:

contrib/slapd-modules/smbk5pwd/

Note that this overlay only works when using heimdal software for the KDC which uses a different LDAP schema.

Since the orginal poster mentioned attributes krbPrincipalName and krbPrincipalKey he seems to use MIT Kerberos.



Thank you all for your feedback.

Yes, it's the MIT Kerberos. And, after looking into smbk5pwd, it does the opposite (of what I want): it automatically gets value for userPassword based on the Principal key (krb5Key) attribute (using the krb5-kdc.schema).

I am looking if it is possible to automatically populate/produce krbPrincipalKey attribute values (kerberos.schema) based on current userPassword attribute values (person objectClass in core.schema), without knowing the stored password (encoded mainly as MD5).

Any ideas?

Thanks,
Nick