[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal to LDAP integration

To: heimdal-discuss@sics.se, "Thomas Sant Ana" <mailleux@gmail.com>
Subject: Re: Heimdal to LDAP integration
From: Love Hörnquist Åstrand <lha@kth.se>
Date: Mon, 4 Jun 2007 13:52:07 -0400
In-Reply-To: <1bbce6440706040608h7607c091wdd1eb6bb13e49185@mail.gmail.com>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <1bbce6440706040608h7607c091wdd1eb6bb13e49185@mail.gmail.com>
Reply-To: heimdal-discuss@sics.se, Love Hörnquist Åstrand <lha@kth.se>

>    I have the following scenario:

Unless you have the cleartext password of the user in the you can  
never do this.
With LDAP is common to have md5 hash in the directory and not the  
password.

If you have a cleartext password its possible to do this, but you  
have to modify
the hdb backend code fetch the password from ldap and convert the  
password
to kerberos key (and prefereably cache the result since s2k  
operations are
expensive in terms of CPU usage).

Love

Follow-Ups:
- Re: Heimdal to LDAP integration
  - From: Brian May <bam@snoopy.apana.org.au>

References:
- Heimdal to LDAP integration
  - From: "Thomas Sant Ana" <mailleux@gmail.com>

Prev by Date: Heimdal to LDAP integration
Next by Date: Re: segmentation fault 0.8.1 on CentOS 5
Prev by thread: Heimdal to LDAP integration
Next by thread: Re: Heimdal to LDAP integration
Index(es):
- Date
- Thread