On 29/05/12 10:27, Tim Watts wrote:
On 29/05/12 08:18, Christian Manal wrote:
> what Kerberos implementation are you using? If it's Heimdal and if it
> uses your OpenLDAP server as its storage backend, you can use the
> smbk5pwd overlay to set the Kerberos password along with a regular
> password change.
> If your distro doesn't ship it with OpenLDAP or as a seperate package,
> you can build it from source. It's in the tarball under
I'm going to use MIT kerberos as that is what I am used to and I trust
it and my abilities to fix it :)
But what you've said about smbk5pwd is interesting.
So Overlays are the plug-ins that can hook into parts of the process,
including a password change? That is very useful knowledge - I can have
a hunt for some others if smbk5pwd does not support MIT password changes
- and I am aware that beyond ticket granting the wire protocols do differ.
If I'm desperate enough, I feel reasonably confident I could copy and
modify that overlay - even if it is just to fork/exec to kadmind.
Many thanks for your time - very useful stuff!
All the best,
(Line wrap warning) - some nice person has already done the job for MIT
On the face of it - that looks absolutely perfect!
Personal Blog: http://www.dionic.net/tim/