directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <elecha...@apache.org>
Subject Re: Kerberos keys & passwords
Date Sun, 10 Feb 2013 19:49:33 GMT
Le 10 févr. 2013 20:28, "Howard Chu" <hyc@symas.com> a écrit :

> Emmanuel Lécharny wrote:
>
>> Hi guys,
>>
>> as I'm working on the Kerberos server, I have a few questions.
>>
>> 1) Currently, when the added entry has a userPassword AT and a
>> krb5PrincipalName AT (which means it has a krb5principal OC), we create
>> the kerberos Keys using the password.
>>
>> The problem is that the userPassword is a multiValued AT, so we use the
>> first password in the list to generate the keys. This is not necessarily
>> a good idea, but I don't see how we can improve this.
>>
>
> In OpenLDAP the multiple userPassword values are just different hashes of
> the same plaintext. Does that approach work here?
>
> --
>   -- Howard Chu
>   CTO, Symas Corp.           http://www.symas.com
>   Director, Highland Sun     http://highlandsun.com/hyc/
>   Chief Architect, OpenLDAP  http://www.openldap.org/**project/<http://www.openldap.org/project/>
>

Mime
View raw message