On 21/07/11 00:39 +0300, Nick Milas wrote:
> Such a setup is meant to continue to allow the standard PLAIN auth over
> TLS/SSL (directly by LDAP) in some applications and provide Kerberos
> authentication in others, based on the same user/password database (stored
> and maintained in LDAP). [I know that in many environments, userPassword and
> krbPrincipalKey are deliberately different.]
>
> Is there a way to automatically populate (either internally, via LDAP
> configuration, or externally, by running - for example - an external script)
> the values of krbPrincipalName and krbPrincipalKey attributes, so that these
> values can be produced by the values of the currently used attributes (uid,
> userPassword, including possibly others)? This would allow initial creation
> of values for the above attributes using the same password value.

See:
contrib/slapd-modules/smbk5pwd/