[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KDC {K5KEY} userPassword problem



On Wednesday 05 December 2007 03:15:13 Howard Chu wrote:
> Henry B. Hotz wrote:
> > I've no experience with LDAP back-ends, but isn't that entry supposed
> > to be used by the KDC, not by slapd?  In other words isn't it an
> > issue with the KDC reading it rather than slapd reading it?
> >
> > I wouldn't think that type of entry is supposed to be usable by
> > slapd, only by the kdc.
>
> The smbk5pwd overlay (which I wrote) in OpenLDAP knows how to parse the
> keys stored in LDAP by the Heimdal KDC. Of course for it to work, the
> overlay has to actually be configured on all of the relevant slapd
> instances...

... which also requires that the user as which slapd runs on each server must 
have read access to the stash key.

Regards,
Buchan