[31472] in Kerberos
Re: ldap-backend with kerberos
daemon@ATHENA.MIT.EDU (=?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==)
Wed Sep 16 09:57:18 2009
From: =?UTF-8?B?TWljaGFlbCBTdHLDtmRlcg==?= <michael@stroeder.com>
Date: Wed, 16 Sep 2009 15:16:39 +0200
Message-ID: <o257o6-dqc.ln1@nb2.stroeder.com>
Mime-Version: 1.0
X-Complaints-To: usenet-abuse@t-online.de
In-Reply-To: <mailman.0.1253026640.18120.kerberos@mit.edu>
To: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Julian Thomé wrote:> > Now we want new users to be automatically available as kerberos principals.> We want to create our user-accounts directly in LDAP. For each user> created in the ldap we need a kerberos principal with the same password> of his unix-account.
Yes, I understand that quite well.
> For authentification kerberos should be used.> Is it possible (with the smbk5pwd-Module), to give newly created> ldap-entries (posixAccounts) a kerberos-password automatically ??
As already said:
> Michael Ströder wrote:>> OpenLDAP's slapo-smbk5pwd only works with heimdal since currently>> heimdal's and MIT's LDAP backends use different LDAP schema.
Again: Yes, it is possible with heimdal as KDC. But not with MIT Kerberos.slapo-smbk5pwd intercepts and handles the Password Modify extended operationrequest. So you have to use that instead of simple modify request when settingthe password.
Ciao, Michael.________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
