Julian Thomé wrote: > > Now we want new users to be automatically available as kerberos principals. > We want to create our user-accounts directly in LDAP. For each user > created in the ldap we need a kerberos principal with the same password > of his unix-account.
Yes, I understand that quite well. > For authentification kerberos should be used. > Is it possible (with the smbk5pwd-Module), to give newly created > ldap-entries (posixAccounts) a kerberos-password automatically ?? As already said: > Michael Ströder wrote: >> OpenLDAP's slapo-smbk5pwd only works with heimdal since currently >> heimdal's and MIT's LDAP backends use different LDAP schema. Again: Yes, it is possible with heimdal as KDC. But not with MIT Kerberos. slapo-smbk5pwd intercepts and handles the Password Modify extended operation request. So you have to use that instead of simple modify request when setting the password. Ciao, Michael. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
