in reply to Re: Change a user's Kerberos Password?
in thread Change a user's Kerberos Password?

Looking at the change_LDAP_password function in locksmith (at least in trunk) I notice you are hashing and replacing the attribute directly. It is probably easier/cleaner/better? to test for and use the ldap exop for password changes:

$msg = $ldaph->set_password(user => $dn, newpasswd => $newpass, oldpasswd => $oldpass);

This will let stuff like the openLdap smpk5pwd and ppolicy modules take care of other password related stuff like syncing NT/LANMAN passwords (needed for MSCHAP/eap/peap for wifi via radius) and password policy enforcement on the server. It also handles the encryption on the server with whatever standard the admin has setup in it there.

  • Comment on Re^2: Change a user's Kerberos Password?

Replies are listed 'Best First'.
Re^3: Change a user's Kerberos Password?
by 5mi11er (Deacon) on Apr 22, 2013 at 14:37 UTC
    Probably an excellent suggestion, but I haven't had to use that system in a while, and no longer have access to those systems, so I have no way of easily testing whether that would work or not.
[reply]

In Section Seekers of Perl Wisdom