On 29/05/12 10:27, Tim Watts wrote:
On 29/05/12 08:18, Christian Manal wrote:
Hi,
what Kerberos implementation are you using? If it's Heimdal and if it uses your OpenLDAP server as its storage backend, you can use the smbk5pwd overlay to set the Kerberos password along with a regular password change.
If your distro doesn't ship it with OpenLDAP or as a seperate package, you can build it from source. It's in the tarball under
contrib/slapd-modules/smbk5pwd/
Hi Christian,
I'm going to use MIT kerberos as that is what I am used to and I trust it and my abilities to fix it :)
But what you've said about smbk5pwd is interesting.
So Overlays are the plug-ins that can hook into parts of the process, including a password change? That is very useful knowledge - I can have a hunt for some others if smbk5pwd does not support MIT password changes
- and I am aware that beyond ticket granting the wire protocols do differ.
If I'm desperate enough, I feel reasonably confident I could copy and modify that overlay - even if it is just to fork/exec to kadmind.
Many thanks for your time - very useful stuff!
All the best,
Tim
Ah-ha!
http://www.opinsys.fi/en/smbkrb5pwd-password-syncing-for-openldap-mit-kerber...
(Line wrap warning) - some nice person has already done the job for MIT Kerberos :->>>
On the face of it - that looks absolutely perfect!
Cheers
Tim