Password Ldap syncing

Predrag Zecevic [Unix Systems Administrator] predrag.zecevic at
Thu Mar 21 10:09:07 EDT 2013


We have implemented shell/PHP scripts which change the password for a user
(based on password policy) AND set the Kerberos password to be the same as the
userPassword attribute. That way, both are in sync (only for users who
are supposed to have krbPrincipalName defined)...

Our implementation (MIT Kerberos 5 using 389 DS as backend DB) is
highly customized, so providing the shell scripts would not be very useful. But this
is one option to achieve your goal.


On 20.03.2013 15:02, sergio.conrad at wrote:
> Hello,
> I have a problem with password encryption.
> At my work there is an LDAP directory already in production. The userPassword is
> encrypted in {SSHA}. I am not planning to introduce any modifications into this
> directory, but I need the password to create a Kerberos principal.
> Is there a possibility to achieve this goal?
> As a subsidiary question:
> I am planning to create a new OpenLDAP directory (independent of the first one).
> In this directory, it is easy to inject an SSHA-encrypted password into the userPassword attribute.
> Is it of any use to use the smbk5pwd overlay in this case to link with the Kerberos password?
> I think it only works with commands like ldappasswd. Is it pointless to sync an SSHA
> encrypted password with smbk5pwd? Does anybody have some information on this?
> (I know smbk5pwd is for the Heimdal implementation of Kerberos.)
> Thanks
> Serge Conrad

Predrag Zečević, Technical Support Analyst, 2e Systems GmbH

Telephone: +49 6196 9505 815, Facsimile: +49 6196 9505 894
Mobile:    +49  174 3109 288,     Skype: predrag.zecevic
E-mail:    predrag.zecevic at

Headquarter:          2e Systems GmbH, Königsteiner Str. 87,
                      65812 Bad Soden am Taunus, Germany
Company registration: Amtsgericht Königstein (Germany), HRB 7303
Managing director:    Phil Douglas - Making your business fly!

You are only young once, but you can stay immature indefinitely.
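
An added illustration, not part of the original post and not the poster's scripts: an {SSHA} userPassword value is a one-way salted SHA-1 digest, so the Kerberos password can only be set at the moment the cleartext is available, which is what a change-time sync like the one described above relies on. The policy rule, the `entry` dict and the `set_krb_password` callback are assumptions standing in for the real directory and KDC calls.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

MIN_LENGTH = 12  # assumed policy value, not taken from the thread


def make_ssha(password: str, salt: Optional[bytes] = None) -> str:
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, candidate: str) -> bool:
    """Check a candidate password against a stored {SSHA} value."""
    if not stored.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[6:], validate=True)
    if len(raw) <= 20:
        raise ValueError("missing salt")
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes, the rest is salt
    expected = hashlib.sha1(candidate.encode("utf-8") + salt).digest()
    return hmac.compare_digest(digest, expected)


def policy_ok(password: str) -> bool:
    """Hypothetical policy: minimum length plus three character classes."""
    classes = [any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password)]
    return len(password) >= MIN_LENGTH and sum(classes) >= 3


def change_password(entry: dict, new_password: str, set_krb_password) -> bool:
    """Update userPassword and, for entries with krbPrincipalName, Kerberos too."""
    if not policy_ok(new_password):
        return False
    principal = entry.get("krbPrincipalName")
    if principal:
        # Kerberos first: if the KDC update raises, the LDAP entry is left unchanged.
        set_krb_password(principal, new_password)
    entry["userPassword"] = make_ssha(new_password)
    return True
```

The stored {SSHA} value can confirm a password a user supplies, but it cannot be converted into a Kerberos key, so existing accounts only get a matching principal password the next time they change or re-enter their password.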
