Ryan

Asked: 2018-04-06 12:32:50 +0800 CST2018-04-06 12:32:50 +0800 CST 2018-04-06 12:32:50 +0800 CST

Why both userPassword and krbPrincipalKey

When configuring MIT Kerberos to use an LDAP database instead of DB2, I was surprised to see that user password hashes are stored in two different fields: userPassword and krbPrincipalKey. Seems the hashing algorithms may be different, but that seems unnecessary too. Why not just consolidate to avoid synchronization issues?

1 Answers

Voted

84104
2018-04-06T13:08:48+08:002018-04-06T13:08:48+08:00
OpenLDAP cannot directly handle krbPrincipalKey data for authentication. I am not entirely familiar with how FreeIPA handles handles passwords, but for other OpenLDAP/Kerberos installations, OpenLDAP is often instructed to use SASL passthrough authentication.
0

Why both userPassword and krbPrincipalKey

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?