Hi Veli-Matti, On Wed, May 05, 2010 at 04:41:41PM +0300, Veli-Matti Lintu wrote: > ma, 2010-05-03 kello 21:47 +0200, Andreas B. Mundt kirjoitti: > > > The critical point in using kerberos is the synchronization > > i.e. integration of all passwords: posix, samba and kerberos. [...] > We've been figuring out for a while what to do with this syncing problem > and we just finished smbkrb5pwd for MIT kerberos. Its implementation > differs from smbk5pwd for Heimdal, but the idea is to sync all the > passwords at once when ldap password is changed. This is the first > version and it still needs work, but if you are interested testing it, > here are instructions on how to use it: > > http://www.opinsys.fi/en/smbkrb5pwd-password-syncing-for-openldap-mit-kerberos-and-samba > > smbkrb5pwd does not alter the kerberos ldap entries directly, but > connects kadmind to do the work. This has pros and cons, but for us it > seems to work nicely in test environments. The testing has been done on > Ubuntu 10.04, but I cannot see why it wouldn't work in Debian also.
Many thanks for these links. I am currently investigating pros and cons of the various methods used to achive synchronized passwords. Do you know of any activities to get this package into mainline Ubuntu/Debian? Regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100512142204.ga7...@flashgordon