directory-dev mailing list archives

From Howard Chu
Subject Re: Kerberos keys & passwords
Date Sun, 10 Feb 2013 19:28:34 GMT
Emmanuel Lécharny wrote:
> Hi guys,
> as I'm working on the Kerberos server, I have a few questions.
> 1) Currently, when the added entry has a userPassword AT and a
> krb5PrincipalName AT (which means it has a krb5principal OC), we create
> the kerberos Keys using the password.
> The problem is that the userPassword is a multiValued AT, so we use the
> first password in the list to generate the keys. This is not necessarily
> a good idea, but I don't see how we can improve this.

In OpenLDAP the multiple userPassword values are just different hashes of the 
same plaintext. Does that approach work here?

   -- Howard Chu
   CTO, Symas Corp. 
   Director, Highland Sun
   Chief Architect, OpenLDAP
