Password Ldap syncing

Jean-Christophe Gay at
Thu Mar 21 05:58:42 EDT 2013

Le Wed, 20 Mar 2013 15:02:15 +0100,
sergio.conrad at a écrit :

> Hello,
> I have a problem with password encryption
> There is at my work have an already in production ldap directory. The
> userPassword is encrypted in {SSHA}. I am not planning to introduce
> some modifications into this directory, but need the password to
> create Kerberos Principal.
> Is there a possibility to achieve this goal ?

We had the same confuguration as yours and we didn't want to hack every
password in the LDAP.

What we did was simply change our "change password" application so it
can intercept the user's password, then create the kerberos principal
associated with this user, and then update the LDAP password.
With this set we simply asked every one to change his password, this
time allowing users to set their old password.

Jean-Christophe Gay -- Université Paris Dauphine
Responsable de la Sécurité des Systèmes d'Information
Tel : 01 44 05 45 04 at

More information about the Kerberos mailing list