On Wed, 2005-05-18 at 16:46 -0400, James F. Hranicky wrote: > The following patch keeps Samba LDAP entries from being populated with > krb5Key LDAP attributes even if other Kerberos attributes are available. > > This accomplishes the following: > > - ensures Heimdal and Samba share only 1 key > - removes the need for the smbk5pwd overlay for Heimdal/Samba > syncing I still think this is the best way forward, but I know it isn't easy changing details on the LDAP server side of things (which is why I have not been able to run that overlay). > - prevents the unnecessary addition of the krb5EncryptionType > attribute > > This probably isn't the best way to handle this as there's no configuration > option, so I'd appreciate any comments on this issue. I think the last point is the key issue here. A patch that I think would make more sense is one that uses the presence of an existing krb5key attribute to determine if it should be updated. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Student Network Administrator, Hawker College http://hawkerc.net
This is a digitally signed message part