[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Very quick pointer



Tim Watts wrote:
> http://www.opinsys.fi/en/smbkrb5pwd-password-syncing-for-openldap-mit-kerberos-and-samba
> (Line wrap warning) - some nice person has already done the job for MIT
> Kerberos :->>>

The system described above is a bit fragile. Because if one of the systems
fail the password might only be changed in LDAP or Kerberos.

> On the face of it - that looks absolutely perfect!

Hmm...

A better approach is taken in the FreeIPA project:
There's a SLAPI plugin for 389 DS which supports MIT Kerberos. A C programmer
might be able to adapt this as an OpenLDAP overlay (similar to OpenLDAP's
slapo-smbk5pwd).

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature