[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Very quick pointer



On 29/05/12 10:27, Tim Watts wrote:
On 29/05/12 08:18, Christian Manal wrote:

Hi,

what Kerberos implementation are you using? If it's Heimdal and if it
uses your OpenLDAP server as its storage backend, you can use the
smbk5pwd overlay to set the Kerberos password along with a regular
password change.

If your distro doesn't ship it with OpenLDAP or as a seperate package,
you can build it from source. It's in the tarball under

contrib/slapd-modules/smbk5pwd/


Hi Christian,

I'm going to use MIT kerberos as that is what I am used to and I trust
it and my abilities to fix it :)

But what you've said about smbk5pwd is interesting.

So Overlays are the plug-ins that can hook into parts of the process,
including a password change? That is very useful knowledge - I can have
a hunt for some others if smbk5pwd does not support MIT password changes
- and I am aware that beyond ticket granting the wire protocols do differ.

If I'm desperate enough, I feel reasonably confident I could copy and
modify that overlay - even if it is just to fork/exec to kadmind.

Many thanks for your time - very useful stuff!

All the best,

Tim



Ah-ha!

http://www.opinsys.fi/en/smbkrb5pwd-password-syncing-for-openldap-mit-kerberos-and-samba

(Line wrap warning) - some nice person has already done the job for MIT Kerberos :->>>

On the face of it - that looks absolutely perfect!

Cheers

Tim

--
Tim Watts
Personal Blog: http://www.dionic.net/tim/