Re: Fwd: I'm about to start coding a plugin for Heimdal Kerberos V and have a question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

sorry for the delayed response I'm on vacation so I haven't been
checking my email regularly.

On Thu, Feb 20, 2014 at 5:15 PM, Rich Megginson <rmeggins@xxxxxxxxxx> wrote:
> On 02/20/2014 03:11 PM, Paul Robert Marino wrote:
>>
>> I tried asking this on the developer list and didn't get an answer
>
>
> There is no good answer, which is probably why no one replied . . .
>
>
>> so
>> im trying the user list now
>>
>> So here is my goal I am about to write a plugin for Heimdal KDC's to
>> update matching password fields in LDAP servers.
>> In the case of 389 server it will also allow 389 server to manage
>> password quality checks.
>>
>> Ive been looking over the 389 servers docs and there is something I'm
>> unclear about.
>> How do I pass the password to 389 server to trigger the quality check
>> and update?
>
>
> There isn't a SLAPI way to do that.  FreeIPA did something similar with
> their samba/kerberos password plugin, and they copy/pasted liberally from
> the core 389 server code.

It doesn't need to be via SLAPI in fact for compatibility reasons its
actually better if its not via SLAPI but instead a direct LDAP query.
If it is as you say than I dont see how a user updating their pasword
from a client node can ever be forced to use the password quality
check which seam to make it somewhat useless. Instead I would have
expected the check to be executed by a post modify trigger on the
password field or some other intermediate field.

>
>> Is it simply just a bind as an administrator then update the users
>> password field with clear text password and let 389 server check and
>> hash it from there, or is there more to it like a C API call?
>>
>> If any one can point me to the appropriate doc or even better section
>> of the appropriate doc that would be very helpful.
>> If any one just happens to knows the answer I would appreciate that too.
>>
>> Note: The resulting plugin will be posted on Github with a GPL license
>> when I'm done.
>>
>> Thank You
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux