authenticate user via ldap bind
alexjl2 at thenode.info
Mon May 29 05:38:58 EDT 2023
Hi list,
recently the need arose in our institution to set up a Kerberos infrastructure so that
users can log in on Windows machines using their institutional credentials. From what I
remember, though, from an MIT KDC deployment I did many years ago, I had to have the user
passwords in cleartext in order to create the Kerberos principals.
In this instance, user passwords are stored in our LDAP server (OpenLDAP), hashed. All our
services currently validate user credentials by attempting an LDAP bind either directly or
via another protocol implementation (Shibboleth IdP, FreeRADIUS, Keycloak etc).
So my question is, is there a way to implement Kerberos without knowledge of the plaintext
passwords, or do we have to somehow capture the credentials during users' login to other
services and then sync them to the KDC db?
Thanks,
John