Le 10 févr. 2013 20:28, "Howard Chu" <hyc@symas.com> a écrit :
Emmanuel Lécharny wrote:
Hi guys,

as I'm working on the Kerberos server, I have a few questions.

1) Currently, when the added entry has a userPassword AT and a
krb5PrincipalName AT (which means it has a krb5principal OC), we create
the kerberos Keys using the password.

The problem is that the userPassword is a multiValued AT, so we use the
first password in the list to generate the keys. This is not necessarily
a good idea, but I don't see how we can improve this.

In OpenLDAP the multiple userPassword values are just different hashes of the same plaintext. Does that approach work here?

--
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/