
Re: Patch to prevent krb5Key attrs in Samba LDAP entries

On Wed, 2005-05-18 at 16:46 -0400, James F. Hranicky wrote:
> The following patch keeps Samba LDAP entries from being populated with
> krb5Key LDAP attributes even if other Kerberos attributes are available.
> This accomplishes the following:
> 	- ensures Heimdal and Samba share only 1 key
> 	- removes the need for the smbk5pwd overlay for Heimdal/Samba
> 	  syncing

I still think this is the best way forward, but I know it isn't easy
changing details on the LDAP server side of things (which is why I have
not been able to run that overlay).

> 	- prevents the unnecessary addition of the krb5EncryptionType
> 	  attribute
> This probably isn't the best way to handle this as there's no configuration
> option, so I'd appreciate any comments on this issue.

I think the last point is the key issue here.  A patch that I think
would make more sense is one that uses the presence of an existing
krb5key attribute to determine if it should be updated.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
