[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kerberos attributes with ldap/samba for a heimdal backend

To: heimdal-discuss@sics.se
Subject: Re: Kerberos attributes with ldap/samba for a heimdal backend
From: Adam Tauno Williams <adam@morrison-ind.com>
Date: Wed, 16 Mar 2005 06:56:53 -0500
In-Reply-To: <20050316000939.7e436ed9.jfh@cise.ufl.edu>
References: <20050316000939.7e436ed9.jfh@cise.ufl.edu>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Internet Messaging Program (IMP) 3.2.2

> If I add the following attributes to the LDAP entry:
>     objectClass: krb5Principal
>     objectClass: krb5KDCEntry
>     krb5PrincipalName: jfh@CISE.UFL.EDU
>     krb5KeyVersionNumber: 0
>     krb5KDCFlags: 382
> I can then set krb-specific attributes, but when I change the password 
> using kadmin, I do change the Samba password, but I end up adding krb5Key
> attributes on doing so, which effectively separates the samba password 
> from the heimdal password (a change via smbpasswd gives me two different
> passwords).

I think the correct solution is to load the smbk5pwd module into the DSA, change
the Samba LDAP passwd sync option to "only", and to change passwords via the
extended operation (using normal passwd and properly configured pam ldap.conf).

Follow-Ups:
- Re: Kerberos attributes with ldap/samba for a heimdal backend
  - From: "James F. Hranicky" <jfh@cise.ufl.edu>

References:
- Kerberos attributes with ldap/samba for a heimdal backend
  - From: "James F. Hranicky" <jfh@cise.ufl.edu>

Prev by Date: Kerberos attributes with ldap/samba for a heimdal backend
Next by Date: Re: Kerberos attributes with ldap/samba for a heimdal backend
Prev by thread: Kerberos attributes with ldap/samba for a heimdal backend
Next by thread: Re: Kerberos attributes with ldap/samba for a heimdal backend
Index(es):
- Date
- Thread