LDAP-Kerberos sync passwords
Adriana Gologaneanu
adriana.gologaneanu at rcs-rds.ro
Mon Apr 6 08:58:49 EDT 2009
Hi again,
Thanks first for all your advices. I configured Heimdal Kerberos with
smbk5pwd plugin, it works. I have to do more tests from java client to
be sure the passwords are correctly syncing.
There is only a small error I have it at Gnome login with Ubuntu10
configured as client: "The system administrator has disabled your
account". It's the ldap account. Does it sounds to be a common error?
The user exists too in /etc/security/access.conf.
Regards,
Eduardo Sachs wrote:
> If you use Heimdal Kerberos, you can install the overlay smbk5pwd for OpenLDAP.
>
> It synchronizes the password for the Samba and Kerberos, and
> userPassword is fixed with the string {K5KEY}.
>
> Yes, you need configure your Heimdal Kerberos with backend LDAP.
>
> Read more in:
> http://www.openldap.org/devel//cvsweb.cgi/~checkout~/contrib/slapd-modules/smbk5pwd/README?rev=1.1.2.3&hideattic=0&sortbydate=1
> http://eduardosachs.org/mediawiki/index.php?title=Heimdal_Kerberos_%2B_Samba_PDC_%2B_OpenLDAP_%2B_Squid_no_Debian_Etch
> http://eduardosachs.org/mediawiki/index.php?title=Compilando_e_configurando_o_overlay_smbk5pwd_para_Debian_Etch
>
> Thanks!
>
> 2009/3/30 Adriana Gologaneanu <adriana.gologaneanu at rcs-rds.ro>:
>
>> Hi,
>>
>> I'm using LDAP for authorization and Kerberos for authentication. The
>> workstations are configured with pam_krb5 module.
>> There is a way to sync passwords between LDAP and Kerberos? Both are on
>> same machine and the passwords to ldap db are sent in MD5 via a virtual
>> java machine. I can't do same with Kerberos cause there are no free java
>> libraries. Also, I want to avoid ssh connection between java machine and
>> LDAP/Kerberos server.
>>
>> Many thanks,
>> Adriana
>> ________________________________________________
>> Kerberos mailing list Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>>
More information about the Kerberos
mailing list