[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: krb5key heimdal+ldap
Gessy Caetano wrote:
> I'm using openldap and kerberos Heimdal on my system.
> But in my network the users only change their
> passwords throught some internal website. I don't now
> how to create krb5key entries that contains the
> kerberos passwords, the krb5key entries are defined in
> krb5kdc schema.
> A need a tool that will receive the password ( in
> clear text maybe or other
> format) and return the password in the kerberos
> (heimdal) format (des-cbc-sha1
> des-cbc-md5 ...)
No, you need the smbk5pwd module that is part of the OpenLDAP contrib
directory, which extends LDAP PasswordModify operations to update the
krb5Key attribute at the same time as the userPassword attribute. And
you need your website to use the LDAP PasswordModify operation when
changing a user's password.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support