[Freeipa-users] Kerberos Password change limitation while behind a NAT
Rob Crittenden
rcritten at redhat.com
Thu Sep 30 17:34:04 UTC 2010
Marc Schlinger wrote:
> Le 30/09/2010 18:30, Simo Sorce a écrit :
>> You can use ldappasswd too, either with GSSAPI auth or eventually even
>> with plaintext auth (require using SSL) in that case though you will
>> neeed to know the user DN.
>>
>> Simo.
>>
>
> So if a user logs in when his password is expired, will pam_ldap in the
> pam password step do the trick ?
>
> I still wonder how ldappasswd can change the kerberos password.
We keep passwords in sync regardless of the mechanism used to change it.
rob
More information about the Freeipa-users
mailing list