Le 10 févr. 2013 20:28, "Howard Chu" <firstname.lastname@example.org> a écrit :
Emmanuel Lécharny wrote:
as I'm working on the Kerberos server, I have a few questions.
1) Currently, when the added entry has a userPassword AT and a
krb5PrincipalName AT (which means it has a krb5principal OC), we create
the kerberos Keys using the password.
The problem is that the userPassword is a multiValued AT, so we use the
first password in the list to generate the keys. This is not necessarily
a good idea, but I don't see how we can improve this.
In OpenLDAP the multiple userPassword values are just different hashes of the same plaintext. Does that approach work here?
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/