[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'krbPrincipalKey' and 'sambaMungedDial'

Hi Martin,

On Fri, Mar 22, 2013 at 06:33:11PM +0100, Martin Schulte wrote:
> while trying to upgrade to squeeze and restore old passwords, i had
> a look to the ldap in squeeze. I found the two attributes
> 'krbPrincipalKey' and 'sambaMungedDial'. Can someone tell me, what
> is the use of these two attributes and how they are generated? Is
> there a relation between the userpassword and these two attributes?
> Actually i try to replace the value of the attributes
> 'userPassword', 'sambaLMPassword', 'sambaNTPassword' from the
> squeeze ldap with the values from the lenny ldap.

The authentication method has changed completely in squeeze.  Instead
of storing a hashed password in LDAP as it has been the case in Lenny,
Squeeze uses Kerberos keys.  These are also some kind of a user's
password, but can also be used to encrypt any connection over the
network.  There is no way to convert the password hash from Lenny to a
Kerberos principal key, so you have to create these from clear text
passwords.  I am not familliar with the samba stuff however.

Best regards,


Reply to: