Dax Kelson wrote: > If either tools has not been created, there is code from the FreeIPA > project, inside ipa_pwd_extop.c (see http://tinyurl.com/cfu63x) that > fetches the master key and properly create the ASN.1 encoded key. That > code could be used as a starting point or inspiration.
Security wise catching the modify password extended operation at the LDAP server's side is IMHO the right thing to do. FreeIPA does that for Fedora Directory Server as backend for a MIT KDC. The overlay smbk5pwd does it for OpenLDAP as backend for heimdal KDC. Ciao, Michael. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
