ldap_service_password_file format question
Will Fiveash
William.Fiveash at sun.com
Tue Jun 6 13:42:00 EDT 2006
On Tue, Jun 06, 2006 at 05:43:43AM -0600, Savitha R wrote:
> The format is:
>
> ObjectDN#{encformat}encstring
>
> ObjectDN: DN of the object for which the password is stashed.
> encformat: Format in which the password is stored. Currently only
> hexadecimal {HEX} is supported. The password is converted to hex and
> stored.
> For certificate-based authentication the format will be {FILE}. For
> now, it works based on the entries in the ldaprc file and does not
> require encstring.
> encstring: encoded password string.

Thanks for the info. What I just discovered is that "kdb5_ldap_util
stashsrvpw" is the utility that creates these entries. It creates an
entry in the ldap_service_password_file like:

    cn=kdc service#{HEX}7465737431323334

Why not encrypt these passwords with the master key then convert to hex?

> >>> On Tue, Jun 6, 2006 at 6:14 am, in message <20060606004441.GG23943 at sun.com>,
> Will Fiveash <William.Fiveash at sun.com> wrote:
> > What is the format for the ldap_service_password_file in the latest MIT
> > ldap code?
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
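
Added example, not part of the original message and not MIT Kerberos code: a small parser for the `ObjectDN#{encformat}encstring` format described in the thread, used to audit a stash file for entries whose password is only hex-encoded. The function names are hypothetical, and splitting on the last `#{` is an assumption of this example.

```python
import binascii
import os
import stat
from typing import NamedTuple, Optional


class StashEntry(NamedTuple):
    dn: str
    encformat: str            # "HEX" or "FILE", per the thread
    secret: Optional[bytes]   # decoded password, None when no encstring is used


def parse_stash_line(line: str) -> StashEntry:
    """Parse one 'ObjectDN#{encformat}encstring' entry."""
    # Assumption: split on the last '#{' so a '#' inside the DN is tolerated.
    dn, sep, rest = line.rstrip("\r\n").rpartition("#{")
    if not sep or not dn or "}" not in rest:
        raise ValueError("not in ObjectDN#{encformat}encstring form")
    encformat, encstring = rest.split("}", 1)
    if encformat == "HEX":
        try:
            return StashEntry(dn, encformat, binascii.unhexlify(encstring))
        except (binascii.Error, ValueError) as exc:
            raise ValueError(f"bad hex for {dn!r}") from exc
    if encformat == "FILE":
        # Certificate-based authentication: no encstring is required.
        return StashEntry(dn, encformat, None)
    raise ValueError(f"unsupported encformat {encformat!r}")


def audit_line(line: str) -> list:
    """Return findings for one entry without echoing the secret itself."""
    entry = parse_stash_line(line)
    findings = []
    if entry.encformat == "HEX" and entry.secret is not None:
        findings.append(f"{entry.dn}: {len(entry.secret)}-byte password is "
                        "hex-encoded, not encrypted; any reader recovers it")
    return findings


def mode_too_open(path: str) -> bool:
    """True if group or others have any access to the stash file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


if __name__ == "__main__":
    sample = "cn=kdc service#{HEX}7465737431323334"  # entry quoted in the post
    print(audit_line(sample))
```

Because `{HEX}` is an encoding with no key involved, the file's ownership and mode are the only protection for these entries, which is what `mode_too_open` checks.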