Heimdal compatibility

Sam Hartman hartmans at MIT.EDU
Wed Aug 16 15:16:51 EDT 2006

>>>>> "Andrew" == Andrew Bartlett <abartlet at samba.org> writes:

    Andrew> Has anything more happened on this?

Novell responded explaining why it was different between MIT and
Heimdal and you never responded to that.

    Andrew> I'm not as worried about the broader question of schema
    Andrew> compatibility (but it would be nice) as I am about this
    Andrew> particular attribute (and perhaps a representation of the
    Andrew> password's last changed time).  That is, these are
    Andrew> attributes that an LDAP server might be expected to write
    Andrew> to, if it were to implement a single password for multiple
    Andrew> protocols.

I would feel very uncomfortable with the LDAP server updating this
directly.  I think that the right way to handle this would be to
standardize a way for LDAP servers to call out to KDCs to ask them to
update their password attribute.  Possibly the set password protocol
Nico is working on is sufficient; possibly it is not.

I definitely don't want to see this particular attribute modified by
the server.


More information about the krbdev mailing list