Re: Patch to prevent krb5Key attrs in Samba LDAP entries

["James F. Hranicky" <jfh@cise.ufl.edu>]

On Thu, 19 May 2005 11:16:49 +1000
Andrew Bartlett <abartlet@samba.org> wrote:

> > 	- removes the need for the smbk5pwd overlay for Heimdal/Samba
> > 	  syncing
> 
> I still think this is the best way forward, but I know it isn't easy
> changing details on the LDAP server side of things (which is why I have
> not been able to run that overlay).

Sorry, I'm not sure I get your meaning -- you like the idea of using
the overlay? Could you elaborate on why?

> > 	- prevents the unnecessary addition of the krb5EncryptionType
> > 	  attribute
> > 
> > This probably isn't the best way to handle this as there's no configuration
> > option, so I'd appreciate any comments on this issue.
> 
> I think the last point is the key issue here.  A patch that I think
> would make more sense is one that uses the presence of an existing
> krb5key attribute to determine if it should be updated.

I could probably code it up if there's interest in getting it into
the distribution.

Jim