[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Kerberos with LDAP backend: password sync

To: Nick Milas <nick@eurobjects.com>
Subject: Re: Kerberos with LDAP backend: password sync
From: Dan White <dwhite@olp.net>
Date: Wed, 20 Jul 2011 16:52:05 -0500
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <4E274B2E.7080205@eurobjects.com>
References: <4E274B2E.7080205@eurobjects.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On 21/07/11 00:39 +0300, Nick Milas wrote:

Such a setup is meant to continue to allow the standard PLAIN authover TLS/SSL (directly by LDAP) in some applications and provideKerberos authentication in others, based on the same user/passworddatabase (stored and maintained in LDAP). [I know that in manyenvironments, userPassword and krbPrincipalKey are deliberatelydifferent.]

Is there a way to automatically populate (either internally, via LDAPconfiguration, or externally, by running - for example - an externalscript) the values of krbPrincipalName and krbPrincipalKeyattributes, so that these values can be produced by the values of thecurrently used attributes (uid, userPassword, including possiblyothers.)? This would allow initial creation of values for the aboveattributes using the same password value.


See:

contrib/slapd-modules/smbk5pwd/

within the source.

--
Dan White

Follow-Ups:
- Re: Kerberos with LDAP backend: password sync
  - From: Michael Ströder <michael@stroeder.com>

References:
- Kerberos with LDAP backend: password sync
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: Kerberos with LDAP backend: password sync
Next by Date: Re: Two bases on same ldap server
Index(es):
- Chronological
- Thread