[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: krb5key heimdal+ldap

Gessy Caetano wrote:
> Hi, 
> I'm using openldap and kerberos Heimdal on my system.
> But in my network the users only change their
> passwords throught some internal website. I don't now
> how to create krb5key entries that contains the
> kerberos passwords, the krb5key entries are defined in
> krb5kdc schema.
> A need a tool that will receive the password ( in
> clear text maybe or other
> format) and return the password in the kerberos
> (heimdal) format (des-cbc-sha1
> des-cbc-md5 ...)
No, you need the smbk5pwd module that is part of the OpenLDAP contrib 
directory, which extends LDAP PasswordModify operations to update the 
krb5Key attribute at the same time as the userPassword attribute. And 
you need your website to use the LDAP PasswordModify operation when 
changing a user's password.

   -- Howard Chu
   Chief Architect, Symas Corp.       Director, Highland Sun
   http://www.symas.com               http://highlandsun.com/hyc
   Symas: Premier OpenSource Development and Support