[38047] in Kerberos
Re: Kerberos and LDAP password sync question
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Aug 2 15:30:20 2017
From: Russ Allbery <eagle@eyrie.org>
To: Greg Hudson <ghudson@mit.edu>
In-Reply-To: <b07a8d13-685b-ba5d-164b-532a7924e7ba@mit.edu> (Greg Hudson's
message of "Wed, 2 Aug 2017 01:27:48 -0400")
Date: Wed, 02 Aug 2017 12:28:15 -0700
Message-ID: <87mv7hydkg.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Greg Hudson <ghudson@mit.edu> writes:
> There's krb5-sync, which works with MIT krb5 or Heimdal. It's designed
> to sync to Active Directory, so while it does sync passwords via LDAP,
> I'm not sure it will work with just any LDAP server as the target.
> https://www.eyrie.org/~eagle/software/krb5-sync/
It doesn't use LDAP to store the password, only the account status. It
uses the Kerberos password change protocol to store the password. So that
won't be immediately helpful for a generic LDAP server.
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
