Kerberos and LDAP password sync question
Russ Allbery
eagle at eyrie.org
Wed Aug 2 15:28:15 EDT 2017
Greg Hudson <ghudson at mit.edu> writes:
> There's krb5-sync, which works with MIT krb5 or Heimdal. It's designed
> to sync to Active Directory, so while it does sync passwords via LDAP,
> I'm not sure it will work with just any LDAP server as the target.
> https://www.eyrie.org/~eagle/software/krb5-sync/
It doesn't use LDAP to store the password, only the account status. It
uses the Kerberos password change protocol to store the password. So that
won't be immediately helpful for a generic LDAP server.
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list