Adriana Gologaneanu wrote: > Debian Etch > - slapd: 2.3.30-5+etch2 > - krb5-kdc: 1.4.4-7etch6 > > I just found with Lenny a plugin: krb5-kdc-ldap that allows the KDC data > to be stored in an LDAP server. > Let me test it and I will give you a feedback.
It won't help since the credentials are stored in different attributes. You need something which syncs the credential attributes. This is e.g. possible with OpenLDAP/Heimdal and a server-side overlay (server-side plugin) called smbk5pwd which intercepts the LDAP Password Modify Extended Operation requests and then sets all relevant attributes. The FreeIPA folks have implemented something similar for MIT KDC with Fedora Directory Server. I don't know a solution for OpenLDAP / MIT KDC though. Also note that the LDAP schema for MIT KDC and heimdal KDC differ. Ciao, Michael. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
