password synchronization
Hi Veli-Matti,
On Wed, May 05, 2010 at 04:41:41PM +0300, Veli-Matti Lintu wrote:
> ma, 2010-05-03 kello 21:47 +0200, Andreas B. Mundt kirjoitti:
>
> > The critical point in using kerberos is the synchronization
> > i.e. integration of all passwords: posix, samba and kerberos.
[...]
> We've been figuring out for a while what to do with this syncing problem
> and we just finished smbkrb5pwd for MIT kerberos. Its implementation
> differs from smbk5pwd for Heimdal, but the idea is to sync all the
> passwords at once when ldap password is changed. This is the first
> version and it still needs work, but if you are interested testing it,
> here are instructions on how to use it:
>
> http://www.opinsys.fi/en/smbkrb5pwd-password-syncing-for-openldap-mit-kerberos-and-samba
>
> smbkrb5pwd does not alter the kerberos ldap entries directly, but
> connects kadmind to do the work. This has pros and cons, but for us it
> seems to work nicely in test environments. The testing has been done on
> Ubuntu 10.04, but I cannot see why it wouldn't work in Debian also.
Many thanks for these links. I am currently investigating pros and
cons of the various methods used to achive synchronized passwords.
Do you know of any activities to get this package into mainline
Ubuntu/Debian?
Regards,
Andi
Reply to: