Re: 'krbPrincipalKey' and 'sambaMungedDial'
Hi Martin,
On Fri, Mar 22, 2013 at 06:33:11PM +0100, Martin Schulte wrote:
>
> while trying to upgrade to squeeze and restore old passwords, i had
> a look to the ldap in squeeze. I found the two attributes
> 'krbPrincipalKey' and 'sambaMungedDial'. Can someone tell me, what
> is the use of these two attributes and how they are generated? Is
> there a relation between the userpassword and these two attributes?
>
> Actually i try to replace the value of the attributes
> 'userPassword', 'sambaLMPassword', 'sambaNTPassword' from the
> squeeze ldap with the values from the lenny ldap.
The authentication method has changed completely in squeeze. Instead
of storing a hashed password in LDAP as it has been the case in Lenny,
Squeeze uses Kerberos keys. These are also some kind of a user's
password, but can also be used to encrypt any connection over the
network. There is no way to convert the password hash from Lenny to a
Kerberos principal key, so you have to create these from clear text
passwords. I am not familliar with the samba stuff however.
Best regards,
Andi
Reply to: