How to synchronize Kerberos and SASL passwords?
Dieter Kluenter
dieter at dkluenter.de
Thu Nov 29 08:50:15 EST 2007
Patrick Ben Koetter <p at state-of-mind.de> writes:
> * Sebastian Hagedorn <Hagedorn at uni-koeln.de>:
>> Hi Gary,
>>
>> --On 28. November 2007 19:40:22 -0600 Gary Mills <mills at cc.umanitoba.ca>
>> wrote:
>>
>> >We have a central database that contains Unix, NTLM, and SASL
>> >passwords, permitting single-password signons for Unix and Windows
>> >desktops, and for Cyrus IMAP. I'd like to add Kerberos to this mix,
>> >but only for IMAP authentications initially. This would permit
>> >single-signon from Unix IMAP clients like mutt and pine, and
>> >especially from a webmail application using pubcookie for
>> >authentication. I'd like Kerberos to use the same passwords, rather
>> >than supporting another password database. Is anybody doing this? Is
>> >it even possible?
>>
>> I don't think so, but I could be wrong.
>
> I've heard (!) that if the central database is LDAP one can use an OpenLDAP
> overlay that synchronizes passwords in several services and IIRC Kerberos was
> also mentioned. See <http://www.symas.com/introtooverlays.shtml> and look for
> "smbk5pwd".
This overlay is only synchronising smb and krb5 passwords if these are
held in the directory; for krb5 this can only be achieved with Heimdal
krb5.
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6