Re: Password Ldap syncing

Predrag Zecevic [Unix Systems Administrator] Thu, 21 Mar 2013 07:12:09 -0700

Hi,

we have implemented shell/php scripts which change password for user
(based on password policy) AND set kerberos password to be same as
userPassword attribute. That way, both are in sync (only for users which
are supposed to have krbPrincipalName defined)...


Our implementation (MIT Kerberos 5 using 389 DS as backend  DB) is
highly customized, so providing shell would be not very useful. But this
is one option to achieve your goal.

Regards.

On 20.03.2013 15:02, [email protected] wrote:
> Hello,
> I have a problem with password encryption
> There is at my work have an already in production ldap directory. The 
> userPassword is 
> encrypted in {SSHA}. I am not planning to introduce some modifications into 
> this 
> directory, but need the password to create Kerberos Principal.
> 
> Is there a possibility to achieve this goal ?
> 
> As a subsidiary question :
> I a am planning to create a new openldap directory (independant of the first 
> one).
> In this directory, it is easy to inject SSHA encrypted password in 
> userPassword attribut.
> It is of a use to use smbk5pwd overlay in this case to link with the kerberos 
> password ?
> I think it is only working with command like ldappasswd. Is it pointless to 
> sync SSHA 
> encrypted password with smbk5pwd .Have somebody got some information for this
> (I know smbk5pwd is for HEIMDAL implementation of kerberos)
> 
> 
> Thanks
> Serge Conrad
> 
> Laposte.net, messager officiel du Rallye des Gazelles en 2013 ! Pour suivre 
> le Rallye Aïcha des Gazelles et soutenir les participantes, cliquez sur 
> www.laposte.net/thematique/rallye-des-gazelles
> 
> ________________________________________________
> Kerberos mailing list           [email protected]
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    [email protected]

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
You are only young once, but you can stay immature indefinitely.

signature.asc
Description: OpenPGP digital signature

________________________________________________
Kerberos mailing list           [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Password Ldap syncing

Reply via email to