On Thu, 11 Mar 2004, Digant Kasundra wrote: > Is anyone aware of any product that can sync passwords between an MIT > Kerberos KDC and MS Active Directory? > > Is it even possible to "hook into" a password change event in Kerberos? Can > that trigger an event or something of that sort? I know that on the Windows > side, you would add a password filter that would be called during the > password change call and it would be used to make the change in external > systems like Kerberos. >
_ It's pretty trivial to do if you're up to reading the MIT kadmind src code. I've done it for K4 syncing to both MIT K5 and AD via some pretty awful hacks. I never really packaged up the code to be useable for other people and I no longer work at the part of Stanford that is responsible for that code. It may be lurking about in Stanford's public AFS space somewhere, the package is named aeakos. Everything but the library for queueing requests is an awful hack. _ In Hiemdal it's even easier since it has a loadable module interface for password quality checking and you can just stick your awful hacks in there. _ Booker C. Bense ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
