Password Ldap syncing

Jean-Christophe Gay jean-christophe.gay at dauphine.fr
Thu Mar 21 05:58:42 EDT 2013


On Wed, 20 Mar 2013 15:02:15 +0100,
sergio.conrad at laposte.net wrote:

> Hello,
> I have a problem with password encryption.
> At my work there is an LDAP directory already in production. The
> userPassword is encrypted in {SSHA}. I am not planning to introduce
> some modifications into this directory, but need the password to
> create Kerberos Principal.
> 
> Is there a possibility to achieve this goal?

We had the same configuration as yours and we didn't want to hack every
password in the LDAP.

What we did was simply change our "change password" application so it
can intercept the user's password, then create the Kerberos principal
associated with this user, and then update the LDAP password.
With this set up, we simply asked everyone to change his password, this
time allowing users to set their old password.

-- 
Jean-Christophe Gay -- Université Paris Dauphine
Head of Information Systems Security
Tel : 01 44 05 45 04
jean-christophe.gay at dauphine.fr
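
The flow described in the reply above, as an added Python sketch (not code from the original post or from any Kerberos or LDAP project). It assumes the application checks the current password against the existing {SSHA} value before acting; the `directory` dict and the `create_principal` callable are hypothetical stand-ins for the LDAP server and the KDC admin interface.

```python
import base64
import hashlib
import hmac
import os

def ssha_hash(password, salt=None):
    """Build an {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def ssha_verify(password, stored):
    """Check a cleartext password against an existing {SSHA} value."""
    if stored[:6].upper() != "{SSHA}":
        return False
    try:
        raw = base64.b64decode(stored[6:], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
        return False
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def change_password(uid, current_pw, new_pw, directory, create_principal):
    """Return True once the principal exists and the directory entry is updated.

    directory: dict uid -> userPassword (hypothetical stand-in for LDAP).
    create_principal: callable(uid, password), hypothetical stand-in for the
    KDC admin call; it must raise on failure so LDAP is left untouched.
    """
    stored = directory.get(uid)
    if stored is None or not ssha_verify(current_pw, stored):
        return False
    # The cleartext is only available here; new_pw may equal current_pw.
    create_principal(uid, new_pw)
    directory[uid] = ssha_hash(new_pw)
    return True

if __name__ == "__main__":
    ldap = {"alice": ssha_hash("old-secret")}  # constructed sample entry
    made = []
    print(change_password("alice", "old-secret", "old-secret", ldap,
                          lambda u, p: made.append(u)), made)
```

Because the {SSHA} value cannot be reversed, the password-change request is the only point where the cleartext is available to create the principal.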