[Cpu-users] Kerberos Users
Brought to you by:
matheny
Menu
▾
▴
[Cpu-users] Kerberos Users
|
From: Blake M. <bma...@pu...> - 2003-03-31 21:31:04
|
Someone had posted the following:
-------------------------------------------------------------
My network uses LDAP with krb5 passwords such that the password entry in ldap
is {KERBEROS}princ@REALM
Glancing at cpu, the ldap plugin can't quite support this, and it would still
require me to add a principle with a second command. However, only one plugin
is allowed. Would it be preferable (if I ever get the time, so probably not)
for an altered ldap to allow for this setup and create the entry (ldap-krb5
module) or a restructure to allow a user module and a password module?
-------------------------------------------------------------
I added code to CVS that allows the following:
If you specify a hash (-H hashname) where hashname is unknown to CPU, the
default behavior is to add the following value for the userPassword attribute:
hashnamecleartextpass.
So to accomplish the above request, someone would do
cpu useradd -H \{KERBEROS\} -pprinc@REALM
That should allow people to deal with some other schemes. Also, I never got
any feedback on the -a switch, for specifying a file with additional
attributes. If I don't get any bug reports in a few more days, I'm probably
going to put out a new version. Thanks.
-Blake
--
Blake Matheny "... one of the main causes of the fall of the
bma...@pu... Roman Empire was that, lacking zero, they had
http://www.dbaseiv.net no way to indicate successful termination of
http://ovmj.org/GNUnet/ their C programs." --Robert Firth
|
