Full_Name: Guillaume Rousse Version: 2.4.11 OS: Linux URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (193.55.250.67)

When using the smbkrb5 overlay, the {K5KEY} password can be used to make autentication use kerberos credentials.

However, this redirection doesn't honour krb5ValidEnd or sambaKickoffTime attribute, positionned by either heimdal or smbkrb5 overlay when setting an expiration date to the kerberos principal. Whereas kdc refuses to provides a ticket for the user, openldap still allows the user to authenticate.