Le 10 févr. 2013 20:28, "Howard Chu" <[email protected]> a écrit :
> Emmanuel Lécharny wrote: > >> Hi guys, >> >> as I'm working on the Kerberos server, I have a few questions. >> >> 1) Currently, when the added entry has a userPassword AT and a >> krb5PrincipalName AT (which means it has a krb5principal OC), we create >> the kerberos Keys using the password. >> >> The problem is that the userPassword is a multiValued AT, so we use the >> first password in the list to generate the keys. This is not necessarily >> a good idea, but I don't see how we can improve this. >> > > In OpenLDAP the multiple userPassword values are just different hashes of > the same plaintext. Does that approach work here? > > -- > -- Howard Chu > CTO, Symas Corp. http://www.symas.com > Director, Highland Sun http://highlandsun.com/hyc/ > Chief Architect, OpenLDAP > http://www.openldap.org/**project/<http://www.openldap.org/project/> >
