[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: Protocols of heimdal servers



Jose Gonzalez Gomez wrote:
> ---------- Forwarded message ----------
> From: Jose Gonzalez Gomez <jgonzalez.openinput@gmail.com>
> Date: Tue, 25 Jan 2005 09:25:16 +0100
> Subject: Re: Protocols of heimdal servers
> To: Howard Chu <hyc@highlandsun.com>
> 
> 
> On Mon, 24 Jan 2005 21:32:31 -0800, Howard Chu <hyc@highlandsun.com> wrote:
> 
>>Luke Howard wrote:
>>
>>>>Any pointers or ideas Luke? I know your pretty sharp with ldap/kerberos
>>>>and all those other goodies! What do you think of my suggesstion to
>>>>write a java wrapper around the various C based components? I admit I am
>>>>way out of my league here but just trying to spark some good lively
>>>>discussion.
>>
>>>I think the best (and only) way is to read the code in lib/kadm5.
>>
>>My approach here is to use the Heimdal KDC backed by LDAP and do all
>>administration through LDAP. Much less ambiguity this way.

> In fact I have my database stored in LDAP, and I planned to do all the
> administration this way using Java/JNDI, but I don't have any clue
> about how to modify the krb5Key attribute, where I guess the password
> is stored, am I right? How can I update it? I guess I must also update
> the krb5KDCFlags... is there any documentation about this? Or should I
> read the code as Luke sugested?

Yes.

You can also have a look at OpenLDAP cvs contrib/slapd-modules/smbk5pwd 
for starters. Of course the code I wrote there is all derived from 
reading the source to lib/kadm5 and lib/hdb.

-- 
   -- Howard Chu
   Chief Architect, Symas Corp.       Director, Highland Sun
   http://www.symas.com               http://highlandsun.com/hyc
   Symas: Premier OpenSource Development and Support