29 May
2012
29 May
'12
9:42 a.m.
Tim Watts wrote:
http://www.opinsys.fi/en/smbkrb5pwd-password-syncing-for-openldap-mit-kerber... (Line wrap warning) - some nice person has already done the job for MIT Kerberos :->>>
The system described above is a bit fragile. Because if one of the systems fail the password might only be changed in LDAP or Kerberos.
On the face of it - that looks absolutely perfect!
Hmm...
A better approach is taken in the FreeIPA project: There's a SLAPI plugin for 389 DS which supports MIT Kerberos. A C programmer might be able to adapt this as an OpenLDAP overlay (similar to OpenLDAP's slapo-smbk5pwd).
Ciao, Michael.