[Date Prev][Date Next]
Re: Kerberos with LDAP backend: password sync
On 21/7/2011 8:50 ÏÎ, Michael StrÃder wrote:
Dan White wrote:
Note that this overlay only works when using heimdal software for the
KDC which uses a different LDAP schema.
Since the orginal poster mentioned attributes krbPrincipalName and
krbPrincipalKey he seems to use MIT Kerberos.
Thank you all for your feedback.
Yes, it's the MIT Kerberos. And, after looking into smbk5pwd, it does
the opposite (of what I want): it automatically gets value for
userPassword based on the Principal key (krb5Key) attribute (using the
I am looking if it is possible to automatically populate/produce
krbPrincipalKey attribute values (kerberos.schema) based on current
userPassword attribute values (person objectClass in core.schema),
without knowing the stored password (encoded mainly as MD5).