[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password hashes in Debian Edu (and migrating from pre-Squeeze installations) (Was: Bug#720396: debian-edu-config: debian-edu-config/tools/gosa-create buggy with set -e)

Hi Petter, hi Moritz,

On Mi 21 Aug 2013 20:30:06 CEST Petter Reinholdtsen wrote:

The goal is to migrate everything to Kerberos, but we have not had
time to figure out how to do this with all the services provided by
Debian Edu yet.

Authenticating LDAP bind via Kerberos is feasible and easy to set up. That will come for D-E jessie (i.e. post-wheezy).

What is not possible is using Kerberos as a Samba Authentication backend. We could start playing with Samba4 and activating AD in Samba, but then we need a replacement for GOsa² that knows how to maintain an Active-Directory-like LDAP data information tree. So, this is very unlikely to come within the next decades ;-) (though you never can be sure!!!).

i ask because that could cause a problem with my migrating
pasaworshashes from older skole versions.

It will.  The olds hash is only usable for LDAP bind and Samba, while
login now require Kerberos info.

The password sync'ing currently is provided via GOsa² password changes and via password changes through Samba (Ctrl+Alt+Del -> Change password on Windows machines).

We still need to establish a cmdline replacement that works via PAM. (see [1]).


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704461


mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de


Attachment: pgpdh5SAPrL6v.pgp
Description: Digitale PGP-Unterschrift

Reply to: