[30961] in Kerberos
Re: LDAP-Kerberos sync passwords
daemon@ATHENA.MIT.EDU (Adriana Gologaneanu)
Tue Apr 7 10:20:59 2009
X-Barracuda-Envelope-From: adriana.gologaneanu@rcs-rds.ro
Message-ID: <49DB6007.7020208@rcs-rds.ro>
Date: Tue, 07 Apr 2009 17:15:35 +0300
From: Adriana Gologaneanu <adriana.gologaneanu@rcs-rds.ro>
MIME-Version: 1.0
To: Eduardo Sachs <edu.sachs@gmail.com>
In-Reply-To: <49D9FC89.4040007@rcs-rds.ro>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
The issue with Ubuntu client it's fixed. I have added a login shell for
users instead of "/bin/false".
Thanks!
Adriana Gologaneanu wrote:
> Hi again,
>
> Thanks first for all your advices. I configured Heimdal Kerberos with
> smbk5pwd plugin, it works. I have to do more tests from java client to
> be sure the passwords are correctly syncing.
>
> There is only a small error I have it at Gnome login with Ubuntu10
> configured as client: "The system administrator has disabled your
> account". It's the ldap account. Does it sounds to be a common error?
> The user exists too in /etc/security/access.conf.
>
> Regards,
>
>
> Eduardo Sachs wrote:
>
>> If you use Heimdal Kerberos, you can install the overlay smbk5pwd for OpenLDAP.
>>
>> It synchronizes the password for the Samba and Kerberos, and
>> userPassword is fixed with the string {K5KEY}.
>>
>> Yes, you need configure your Heimdal Kerberos with backend LDAP.
>>
>> Read more in:
>> http://www.openldap.org/devel//cvsweb.cgi/~checkout~/contrib/slapd-modules/smbk5pwd/README?rev=1.1.2.3&hideattic=0&sortbydate=1
>> http://eduardosachs.org/mediawiki/index.php?title=Heimdal_Kerberos_%2B_Samba_PDC_%2B_OpenLDAP_%2B_Squid_no_Debian_Etch
>> http://eduardosachs.org/mediawiki/index.php?title=Compilando_e_configurando_o_overlay_smbk5pwd_para_Debian_Etch
>>
>> Thanks!
>>
>> 2009/3/30 Adriana Gologaneanu <adriana.gologaneanu@rcs-rds.ro>:
>>
>>
>>> Hi,
>>>
>>> I'm using LDAP for authorization and Kerberos for authentication. The
>>> workstations are configured with pam_krb5 module.
>>> There is a way to sync passwords between LDAP and Kerberos? Both are on
>>> same machine and the passwords to ldap db are sent in MD5 via a virtual
>>> java machine. I can't do same with Kerberos cause there are no free java
>>> libraries. Also, I want to avoid ssh connection between java machine and
>>> LDAP/Kerberos server.
>>>
>>> Many thanks,
>>> Adriana
>>> ________________________________________________
>>> Kerberos mailing list Kerberos@mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>>
>>>
>>>
>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
