[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch to prevent krb5Key attrs in Samba LDAP entries

"James F. Hranicky" <jfh@cise.ufl.edu> writes:

> The following patch keeps Samba LDAP entries from being populated with
> krb5Key LDAP attributes even if other Kerberos attributes are available.
> This accomplishes the following:
> 	- ensures Heimdal and Samba share only 1 key
> 	- removes the need for the smbk5pwd overlay for Heimdal/Samba
> 	  syncing
> 	- prevents the unnecessary addition of the krb5EncryptionType
> 	  attribute
> This probably isn't the best way to handle this as there's no configuration
> option, so I'd appreciate any comments on this issue.

Wont using

        default_keys = arcfour-hmac-md5:pw-salt

give you the behavior of the first delta ?

The krb5EncryptionType part of the entry could go way, I know of no real
usage for it.


PGP signature