This question belong on [email protected]. Moving the thread there.
[Moritz Molle] > say... is kerberos saving a copy of the userpasswords redundant to > ldap, or why does krb have to be told change_password (in > gosa-sync)? There are unfortunately three password checking options in Debian Edu Wheezy (and Squeeze). The prefered one is (1) Kerberos, which uses LDAP as its database backend to store information about principals (aka users). Another one is (2) Samba, which keep its own password hashes also in LDAP. The third one is (3 ) LDAP bind method itself, which also store its own hashes in LDAP. Login via GUI, ssh or cups uses Kerberos (aka PAM). Samba access uses the Samba hashes, and Gosa uses the LDAP bind method. The goal is to migrate everything to Kerberos, but we have not had time to figure out how to do this with all the services provided by Debian Edu yet. > i ask because that could cause a problem with my migrating > pasaworshashes from older skole versions. It will. The olds hash is only usable for LDAP bind and Samba, while login now require Kerberos info. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
