Re: Kerberos attributes with ldap/samba for a heimdal backend

[Love Hörnquist Åstrand <lha@kth.se>]

"James F.  Hranicky" <jfh@cise.ufl.edu> writes:

> On Wed, 16 Mar 2005 11:30:54 -0500
> "James F.  Hranicky" <jfh@cise.ufl.edu> wrote:
>
>> On a hunch, #ifdefed the code above out, recompiled, and tried again. This 
>> time, using the smbk5pwd overlay, password changes via samba or heimdal
>> are reflected in the other, with no errors in changing or authenticating
>> in either after a password change using either.
>
> Does anyone have an opinion on this? Is the krb5EncryptionType attribute
> really needed?

Probably not, its not used in any other part of the code.

> If not, does my setup (smbk5pwd overlay) sound reasonable as a backend
> for both samba/heimdal?

Yes, but smbk5pwd will need to be updated some day to support the iteration
counter of PKCS5#2 for AES support, but since its not stored in the entry
today, its not a problem.

Love

PGP signature