Re: 'krbPrincipalKey' and 'sambaMungedDial'

To: debian-edu@lists.debian.org
Subject: Re: 'krbPrincipalKey' and 'sambaMungedDial'
From: "Andreas B. Mundt" <andi.mundt@web.de>
Date: Fri, 22 Mar 2013 19:01:27 +0100
Message-id: <[🔎] 20130322180127.GA10478@fuzi>
Mail-followup-to: debian-edu@lists.debian.org
In-reply-to: <[🔎] 514C95D7.2080502@web.de>
References: <[🔎] 514C95D7.2080502@web.de>

Hi Martin,

On Fri, Mar 22, 2013 at 06:33:11PM +0100, Martin Schulte wrote:
>
> while trying to upgrade to squeeze and restore old passwords, i had
> a look to the ldap in squeeze. I found the two attributes
> 'krbPrincipalKey' and 'sambaMungedDial'. Can someone tell me, what
> is the use of these two attributes and how they are generated? Is
> there a relation between the userpassword and these two attributes?
>
> Actually i try to replace the value of the attributes
> 'userPassword', 'sambaLMPassword', 'sambaNTPassword' from the
> squeeze ldap with the values from the lenny ldap.

The authentication method has changed completely in squeeze.  Instead
of storing a hashed password in LDAP as it has been the case in Lenny,
Squeeze uses Kerberos keys.  These are also some kind of a user's
password, but can also be used to encrypt any connection over the
network.  There is no way to convert the password hash from Lenny to a
Kerberos principal key, so you have to create these from clear text
passwords.  I am not familliar with the samba stuff however.

Best regards,

     Andi

Reply to:

Follow-Ups:
- Re: 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>

References:
- 'krbPrincipalKey' and 'sambaMungedDial'
  - From: Martin Schulte <schulte-martin@web.de>

Prev by Date: 'krbPrincipalKey' and 'sambaMungedDial'
Next by Date: Upload rights
Previous by thread: 'krbPrincipalKey' and 'sambaMungedDial'
Next by thread: Re: 'krbPrincipalKey' and 'sambaMungedDial'
Index(es):
- Date
- Thread