Password Ldap syncing

Predrag Zecevic [Unix Systems Administrator] predrag.zecevic at 2e-systems.com
Thu Mar 21 10:09:07 EDT 2013 

Hi,

we have implemented shell/php scripts which change password for user
(based on password policy) AND set kerberos password to be same as
userPassword attribute. That way, both are in sync (only for users which
are supposed to have krbPrincipalName defined)...

Our implementation (MIT Kerberos 5 using 389 DS as backend  DB) is
highly customized, so providing shell would be not very useful. But this
is one option to achieve your goal.

Regards.

On 20.03.2013 15:02, sergio.conrad at laposte.net wrote:
> Hello,
> I have a problem with password encryption
> There is at my work have an already in production ldap directory. The userPassword is 
> encrypted in {SSHA}. I am not planning to introduce some modifications into this 
> directory, but need the password to create Kerberos Principal.
> 
> Is there a possibility to achieve this goal ?
> 
> As a subsidiary question :
> I a am planning to create a new openldap directory (independant of the first one).
> In this directory, it is easy to inject SSHA encrypted password in userPassword attribut.
> It is of a use to use smbk5pwd overlay in this case to link with the kerberos password ?
> I think it is only working with command like ldappasswd. Is it pointless to sync SSHA 
> encrypted password with smbk5pwd .Have somebody got some information for this
> (I know smbk5pwd is for HEIMDAL implementation of kerberos)
> 
> 
> Thanks
> Serge Conrad
> 
> Laposte.net, messager officiel du Rallye des Gazelles en 2013 ! Pour suivre le Rallye Aïcha des Gazelles et soutenir les participantes, cliquez sur www.laposte.net/thematique/rallye-des-gazelles
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 

-- 
Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic at 2e-systems.com

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas

http://www.2e-systems.com/ - Making your business fly!

[***]===---
You are only young once, but you can stay immature indefinitely.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 257 bytes
Desc: OpenPGP digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20130321/2cf1f4b5/attachment.bin

More information about the Kerberos mailing list