[38044] in Kerberos


Re: Kerberos and LDAP password sync question

daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Aug 2 01:28:23 2017

To: Lucas Dutra <lucasdutraveiga3@gmail.com>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <b07a8d13-685b-ba5d-164b-532a7924e7ba@mit.edu>
Date: Wed, 2 Aug 2017 01:27:48 -0400
MIME-Version: 1.0
In-Reply-To: <CAAsH05gtQQq2to_yr-YEwf+mq2D5CE9_84hxBfebg2jA3ue+qg@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit

On 08/01/2017 03:14 AM, Lucas Dutra wrote:
> So, about the password sync between MIT Kerberos and LDAP, I’ve been
> reading and discovered the package smbk5pwd does this automatically, but
> this one only supports Heimdal Kerberos. Anyone know if there is any better
> solution for the password sync?

There's krb5-sync, which works with MIT krb5 or Heimdal.  It's designed
to sync to Active Directory, so while it does sync passwords via LDAP,
I'm not sure it will work with just any LDAP server as the target.

https://www.eyrie.org/~eagle/software/krb5-sync/

> And just one more question, can I use a Heimdal KDC and an MIT client
> without a compatibility problem? Or vice-versa.

For the standard Kerberos protocol and for password changes, yes.
Administrative operations (kadmin) do not use a standard protocol.  I
believe Heimdal implements limited admin protocol compatibility with MIT
krb5, but I'm not familiar with the details of that.
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

