Re: Preauth error ldap heimdal kerberos

[Dan White <dwhite@olp.net>]

On 22/03/10 16:29 +0200, Μανόλης Βλαχάκης wrote:
> hallo there
> and thank you for your quick reply...
>
> 1)is this the only access list you have used and works fine?
> cause as i told you i want to  add the attributes below,you think they'll
> work?

I have several other rules, but these are the ones that I believe are
relevant. These might not match recommended practice but they work for me:

access to attrs=userPassword,shadowLastChange,sambaPwdLastSet,sambaLMPassword,sambaNTPassword,krb5KeyVersionNumber,krb5Key,cmusaslsecretOTP
        by anonymous auth
        by self write
        by * none

access to attrs=authzTo
        by anonymous auth
        by self read
        by * none

access to attrs=objectClass
        by self read
        by anonymous auth
        by * none

--
Dan White
BTC Broadband
Ph  918.366.0248 (direct)   main: (918)366-8000
Fax 918.366.6610            email: dwhite@olp.net
http://www.btcbroadband.com