I posted this along with another (solved) problem a few weeks back.
I have smbk5pwd with Samba 3 and heimdal 0.6.2 and openldap 2.2.26.
smbk5pwd.c is revision 1.6
When I set up an account with Samba and Heimdal credentials and perfrom
a password change exop, both the Samba and Heimdal passwords are
changes. I can auth against the account via kinit and Samba with the new
password. The problem is that authenticating against the {K5KEY}
attribute doesn't work. The callback in smbk5pwd is called, but it
returns false no matter what.
Also, the pass change exop leaves a hashed password in the userPassword
field (replacing {K5KEY} anyway). While this is good, since I can't auth
against LDAP without it for now, it is not ideal. I want to store as few
versions of a user's password as possible.
The only thing that I've noticed of any possible significance in gdb is
that the string passed to decode_Key has my Kerberos realm appended to
the end in lower case.
Also, it makes it all the way through k5key_chk's last do-while loop. It
returns LUTIL_PASSWD_ERROR
Thanks for any help