[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Very quick pointer

On 29/05/12 08:18, Christian Manal wrote:


what Kerberos implementation are you using? If it's Heimdal and if it
uses your OpenLDAP server as its storage backend, you can use the
smbk5pwd overlay to set the Kerberos password along with a regular
password change.

If your distro doesn't ship it with OpenLDAP or as a seperate package,
you can build it from source. It's in the tarball under


Hi Christian,

I'm going to use MIT kerberos as that is what I am used to and I trust it and my abilities to fix it :)

But what you've said about smbk5pwd is interesting.

So Overlays are the plug-ins that can hook into parts of the process, including a password change? That is very useful knowledge - I can have a hunt for some others if smbk5pwd does not support MIT password changes - and I am aware that beyond ticket granting the wire protocols do differ.

If I'm desperate enough, I feel reasonably confident I could copy and modify that overlay - even if it is just to fork/exec to kadmind.

Many thanks for your time - very useful stuff!

All the best,


Tim Watts
Personal Blog: http://www.dionic.net/tim/