
Re: MIT Kerberos and LDAP Backend Passwords synchronization



On 02/13/14 21:55 +0100, Abdelkader Chelouah wrote:
Hello all,

I configured a KDC (MIT Kerberos 1.12.1) with an OpenLDAP (2.4.32) Backend.
Everything is working fine. We want to migrate smoothly from LDAP password
to KDC password. For that purpose, we plan to force users to change their
password using ldappasswd command, intercept the password modification with
smbkrb5pwd overlay and then change the userPassword attribute for SASL
passthrough. I set up the overlay smbkrb5pwd (last git version) to
synchronize LDAP and Kerberos passwords as described on

https://github.com/opinsys/smbkrb5pwd

The module is loaded correctly. However, the "ldappasswd" command hangs
now. This is apparently due to a locking issue. Has anyone succeeded in
configuring the overlay? Is there any other way to synchronize LDAP and KDC
passwords when OpenLDAP is used as a Backend?

You can use kpasswd. You'll need to set userPassword to passthrough using some
other mechanism, perhaps with a shell script that does both.

--
Dan White
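
A sketch of the "shell script that does both" suggested in the reply. This is an added example, not code from the thread or from either poster; the function names, LDAP_URI, ADMIN_DN and the sample values in the comments are assumptions, and it presumes slapd is already configured for {SASL} pass-through.

```shell
#!/bin/sh
# Added example (not from the thread). sasl_ldif, migrate_user, LDAP_URI and
# ADMIN_DN are assumed names.

# Print the LDIF that swaps userPassword for a {SASL} pass-through value.
# Returns 1 for input that could inject extra LDIF lines or attributes.
sasl_ldif() {
    dn=$1 princ=$2
    cr=$(printf '\r')
    nl='
'
    case $princ in
        # characters outside a plain principal, two '@', leading/trailing '@'
        *[!A-Za-z0-9._/@-]*|*@*@*|@*|*@) return 1 ;;
        *@*) ;;                      # shaped like user@REALM
        *) return 1 ;;               # no realm (or empty)
    esac
    case $dn in
        # empty, LDIF-special first character, trailing space, CR or newline
        ""|" "*|:*|"<"*|*" "|*"$cr"*|*"$nl"*) return 1 ;;
    esac
    printf 'dn: %s\nchangetype: modify\nreplace: userPassword\n' "$dn"
    printf 'userPassword: {SASL}%s\n' "$princ"
}

# Change the Kerberos password first, then point LDAP binds at Kerberos.
# If kpasswd fails, userPassword is left untouched, so the user is not locked out.
migrate_user() {
    dn=$1 princ=$2
    ldif=$(sasl_ldif "$dn" "$princ") || { echo "rejected dn/principal" >&2; return 2; }
    # kpasswd prompts on the terminal; no password appears in argv or in a file.
    kpasswd "$princ" || return 3
    # -W prompts for the admin bind password instead of taking it as an argument.
    printf '%s\n' "$ldif" |
        ldapmodify -x -H "${LDAP_URI:-ldapi:///}" -D "${ADMIN_DN:?set ADMIN_DN}" -W
}

# Runs only when called as:
#   script --run 'uid=alice,ou=people,dc=example,dc=org' 'alice@EXAMPLE.ORG'
if [ "${1:-}" = "--run" ]; then
    migrate_user "$2" "$3"
fi
```

Validating the DN and principal before building the LDIF keeps a crafted value from adding extra attributes to the modify request that runs with admin rights.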