Patrick Ben Koetter <p@xxxxxxxxxxxxxxxx> writes: > * Sebastian Hagedorn <Hagedorn@xxxxxxxxxxxx>: >> Hi Gary, >> >> --On 28. November 2007 19:40:22 -0600 Gary Mills <mills@xxxxxxxxxxxxxxx> >> wrote: >> >> >We have a central database that contains Unix, NTLM, and SASL >> >passwords, permitting single-password signons for Unix and Windows >> >desktops, and for Cyrus IMAP. I'd like to add Kerberos to this mix, >> >but only for IMAP authentications initially. This would permit >> >single-signon from Unix IMAP clients like mutt and pine, and >> >especially from a webmail application using pubcookie for >> >authentication. I'd like Kerberos to use the same passwords, rather >> >than supporting another password database. Is anybody doing this? Is >> >it even possible? >> >> I don't think so, but I could be wrong. > > I've heard (!) that if the central database is LDAP one can use an OpenLDAP > overlay that syncronizes passwords in several services and IIRC Kerberos was > also mentioned. See <http://www.symas.com/introtooverlays.shtml> and look for > "smbk5pwd". This overlay is only synchronising smb and krb5 passwords if these are helt in the directory, for krb5 this can only be achieved with heimdal krb5. -Dieter -- Dieter Klünter | Systemberatung http://www.dkluenter.de GPG Key ID:8EF7B6C6
