[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd missing in action?

See <http://www.openldap.org/faq/index.cgi?file=944>http<http://www.openldap.org/faq/index.cgi?file=944>://www.openldap.org/faq/index.cgi?file=944

At 11:04 AM 9/30/2005, Michael Torrie wrote:
>Is there any way to restore the kpasswd binding function to openldap?  I
>realize that ideally sasl or kerberos binds directly are the way to go,
>but unfortunately I can't do that for the majority of web applications
>(most of which are 3rd party) that need to do ldap binds for
>authentication.  Without kpasswd support I am forced to put the
>userPassword hashes directly in the ldap database itself, which is a
>security problem.  At least with the old {kerberos}username@DOMAIN
>notation, even though the bind itself might have security implications I
>wouldn't need to put the password itself in the database.
>Is there a way to accomplish simple binding from these dumb 3rd party
>apps with kerberos support?
>Michael Torrie <torriem@chem.byu.edu>