krbUPEnabled LDAP attribute

Savitha R rsavitha at novell.com
Wed Jun 18 00:34:53 EDT 2008



>>> On Tue, Jun 17, 2008 at  8:37 AM, in message
<1213672030.17827.44.camel at klausk.br.ibm.com>, Klaus Heinrich Kiwi
<klausk at linux.vnet.ibm.com> wrote: 
> Is this attribute actually supported in the current KDB LDAP plugin
> implementation? i.e.: The only code I can see that it's dealing with this
> attribute in the current tree refers to setting the permissions to this
> attribute in the LDAP Database (ldap_service_rights.c).
>
No, this attribute is not supported in the current LDAP plugin implementation.
 
> And what actually means that "directory User Password has to be
> used" (krbUPEnabled=TRUE)? The required password to authenticate a user
> principal would be the same password used to bind with this user DN in
> the directory? Is that possible with the current KDB Abstraction Layer?
Yes, this is to enable the user to use the same password for directory authentication
and Kerberos authentication. There could be various ways of achieving this.
We have implemented an external mechanism which synchronizes the directory
and Kerberos passwords.


-Savitha