Kerberos and LDAP password sync question

Russ Allbery eagle at eyrie.org
Wed Aug 2 15:28:15 EDT 2017


Greg Hudson <ghudson at mit.edu> writes:

> There's krb5-sync, which works with MIT krb5 or Heimdal.  It's designed
> to sync to Active Directory, so while it does sync passwords via LDAP,
> I'm not sure it will work with just any LDAP server as the target.

> https://www.eyrie.org/~eagle/software/krb5-sync/

It doesn't use LDAP to store the password, only the account status.  It
uses the Kerberos password change protocol to store the password.  So that
won't be immediately helpful for a generic LDAP server.

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list