Quoting Dominik George (2016-09-01 21:07:13) > I would, indeed, prefer to add Kerberos to our network as well, but at > the point where we figured out that we would want to have Kerberos, we > already had over a thousand users, and I have no idea how to add > Kerberos to that now. It would, in my understanding, involve having > each and every user reset their passwords, which is not feasable. > > If you happen to ahve an idea on how to add Kerberos without involving > actions by every user, please let me know and I will happily do. Should be possible to setup a custom PAM module that checks if the user is already in Kerberos, and if not captures the password and creates a Kerberos account for the user. After some time all _active_ users have triggered a Kerberos account creation, and you can migrate - dealing with password reset only for eventual inactive users chiming in later. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature