decrypting the user password
Sean M. Pappalardo
spappalardo at renegadetech.com
Wed Feb 13 02:05:07 EST 2013
Hello.
On 02/13/2013 05:53 AM, Asmaa Ahmed wrote:
> I am having kerberos MIT integrated to LDAP as a backend which is
> good so far.The problem that I have some applications doesn't support
> Kerberos to restore the user credentials.
Do they support authentication with LDAP? If so, you can configure your
LDAP server to use SASL to check the user passwords against Kerberos.
See this article:
http://thomas.dereyck.eu/wiki/Setting%20up%20an%20LDAP%20server#Enabling_pass-through_authentication_to_Kerberos
> I wonder if I can decrypt
> the password from Kerberos server manually to have it in a plaintext,
As Chris said, that's a big security risk and completely defeats
Kerberos' purpose. If the applications don't allow any external
authentication, you might be able to find a plug-in that sits between
the application and the DB that intercepts the auth requests and
services them with SASL or Kerberos directly.
Sincerely,
Sean M. Pappalardo
Sr. Networks Engineer
Renegade Technologies
spappalardo at renegadetech.com
Office: (630) 631-6188
http://www.renegadetech.com
More information about the Kerberos
mailing list