[30958] in Kerberos
Re: LDAP-Kerberos sync passwords
daemon@ATHENA.MIT.EDU (Adriana Gologaneanu)
Mon Apr 6 09:04:30 2009
Message-ID: <49D9FC89.4040007@rcs-rds.ro>
Date: Mon, 06 Apr 2009 15:58:49 +0300
From: Adriana Gologaneanu <adriana.gologaneanu@rcs-rds.ro>
MIME-Version: 1.0
To: Eduardo Sachs <edu.sachs@gmail.com>
In-Reply-To: <3e7107590904011127x135777f3u2ebdecf40b535c6@mail.gmail.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi again,
Thanks first for all your advices. I configured Heimdal Kerberos with
smbk5pwd plugin, it works. I have to do more tests from java client to
be sure the passwords are correctly syncing.
There is only a small error I have it at Gnome login with Ubuntu10
configured as client: "The system administrator has disabled your
account". It's the ldap account. Does it sounds to be a common error?
The user exists too in /etc/security/access.conf.
Regards,
Eduardo Sachs wrote:
> If you use Heimdal Kerberos, you can install the overlay smbk5pwd for OpenLDAP.
>
> It synchronizes the password for the Samba and Kerberos, and
> userPassword is fixed with the string {K5KEY}.
>
> Yes, you need configure your Heimdal Kerberos with backend LDAP.
>
> Read more in:
> http://www.openldap.org/devel//cvsweb.cgi/~checkout~/contrib/slapd-modules/smbk5pwd/README?rev=1.1.2.3&hideattic=0&sortbydate=1
> http://eduardosachs.org/mediawiki/index.php?title=Heimdal_Kerberos_%2B_Samba_PDC_%2B_OpenLDAP_%2B_Squid_no_Debian_Etch
> http://eduardosachs.org/mediawiki/index.php?title=Compilando_e_configurando_o_overlay_smbk5pwd_para_Debian_Etch
>
> Thanks!
>
> 2009/3/30 Adriana Gologaneanu <adriana.gologaneanu@rcs-rds.ro>:
>
>> Hi,
>>
>> I'm using LDAP for authorization and Kerberos for authentication. The
>> workstations are configured with pam_krb5 module.
>> There is a way to sync passwords between LDAP and Kerberos? Both are on
>> same machine and the passwords to ldap db are sent in MD5 via a virtual
>> java machine. I can't do same with Kerberos cause there are no free java
>> libraries. Also, I want to avoid ssh connection between java machine and
>> LDAP/Kerberos server.
>>
>> Many thanks,
>> Adriana
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
