directory-dev mailing list archives

From Howard Chu <...@symas.com>
Subject Re: Kerberos keys & passwords
Date Sun, 10 Feb 2013 19:28:34 GMT
Emmanuel Lécharny wrote:
> Hi guys,
>
> as I'm working on the Kerberos server, I have a few questions.
>
> 1) Currently, when the added entry has a userPassword AT and a
> krb5PrincipalName AT (which means it has a krb5principal OC), we create
> the kerberos Keys using the password.
>
> The problem is that the userPassword is a multiValued AT, so we use the
> first password in the list to generate the keys. This is not necessarily
> a good idea, but I don't see how we can improve this.

In OpenLDAP the multiple userPassword values are just different hashes of the 
same plaintext. Does that approach work here?

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
