adding password update functionality to libpam-krb5-migrate-heimdal

To: debian-security@lists.debian.org
Subject: adding password update functionality to libpam-krb5-migrate-heimdal
From: Henry Graham <hzgraham4@gmail.com>
Date: Fri, 21 Dec 2012 12:40:44 -0500
Message-id: <[🔎] CAMwV8jNuo+GtpKCOGaZ6-2jLfM1-2p9Bmqhu=O_o1VnJ2JPdug@mail.gmail.com>

Our situation is that I configured our Heimdal Kerberos setup to use libpam-krb5-migrate-heimdal to migrate user accounts from an LDAP server that uses an authentication backend of Active Directory (which we do not have admin control over)...and we use the Active Directory accounts for most of our authentication but we are trying to piggyback Krb5/NFSv4 onto that system.

Initial migration works fine, but the problem is that if a user changes a password in AD then that does not propagate over to our kerberos server. To remedy this I modified the libpam-krb5-migrate-heimdal package for our local use by adding a function from the libkadm5srv8-heimdal package to sync passwords with the LDAP/AD accounts during each log in and it works well. (granted they could use kpasswd but we are trying to keep this as simple for the user as possible)

I was wondering if this password syncing would be a good patch I could submit to the Debian community? My idea would be to add another pam module option that would enable this feature if desired.

Reply to:

Prev by Date: Re: pre-screening new package: SQLCipher, based on SQLite3
Next by Date: Jean-Baptiste PERON est absent(e).
Previous by thread: Re: pre-screening new package: SQLCipher, based on SQLite3
Next by thread: Jean-Baptiste PERON est absent(e).
Index(es):
- Date
- Thread