hartmans at MIT.EDU
Wed Aug 16 15:16:51 EDT 2006
>>>>> "Andrew" == Andrew Bartlett <abartlet at samba.org> writes:

Andrew> Has anything more happened on this?

Novell responded explaining why it was different between MIT and
Heimdal and you never responded to that.

Andrew> I'm not as worried about the broader question of schema
Andrew> compatibility (but it would be nice) as I am about this
Andrew> particular attribute (and perhaps a representation of the
Andrew> password's last changed time). That is, these are
Andrew> attributes that an LDAP server might be expected to write
Andrew> to, if it were to implement a single password for multiple

I would feel very uncomfortable with the LDAP server updating this
directly. I think that the right way to handle this would be to
standardize a way for LDAP servers to call out to KDCs to ask them to
update their password attribute. Possibly the set password protocol
Nico is working on is sufficient; possibly it is not.

I definitely don't want to see this particular attribute modified by