[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd missing in action?

To: Michael Torrie <torriem@chem.byu.edu>
Subject: Re: kpasswd missing in action?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sat, 01 Oct 2005 21:48:44 -0700
Cc: OpenLDAP software list <openldap-software@OpenLDAP.org>
In-reply-to: <1128103497.25245.24.camel@isengard>
References: <1128103497.25245.24.camel@isengard>

See <http://www.openldap.org/faq/index.cgi?file=944>http<http://www.openldap.org/faq/index.cgi?file=944>://www.openldap.org/faq/index.cgi?file=944

At 11:04 AM 9/30/2005, Michael Torrie wrote:
>Is there any way to restore the kpasswd binding function to openldap?  I
>realize that ideally sasl or kerberos binds directly are the way to go,
>but unfortunately I can't do that for the majority of web applications
>(most of which are 3rd party) that need to do ldap binds for
>authentication.  Without kpasswd support I am forced to put the
>userPassword hashes directly in the ldap database itself, which is a
>security problem.  At least with the old {kerberos}username@DOMAIN
>notation, even though the bind itself might have security implications I
>wouldn't need to put the password itself in the database.
>
>Is there a way to accomplish simple binding from these dumb 3rd party
>apps with kerberos support?
>-- 
>Michael Torrie <torriem@chem.byu.edu>

References:
- kpasswd missing in action?
  - From: Michael Torrie <torriem@chem.byu.edu>

Prev by Date: kpasswd missing in action?
Next by Date: Re: kpasswd missing in action?
Index(es):
- Chronological
- Thread