[Samba] LDAP + SASL (kerberos) password syncing

Mark Roach mrroach at okmaybe.com
Thu Jan 20 01:16:01 GMT 2005

I am getting a bit confused about which methods to use to keep my
passwords synced given the following scenario.

Samba PDC using LDAP backend.
LDAP uses {SASL}princ at REALM type passwords
Sasl mechanism is saslauthd using kerberos5

I can use pam like:

password  required  pam_smbpass.so
password  required pam_krb5.so use_first_pass

and then passwd will set both passwords

but how can I make it so that changing user password from a windows
workstation will also change the kerberos password? "pam passwd change"
does not seem to be doing the trick.

On a side note, is there a way to test windows-style password changing
from the server? I'm assuming smbpasswd won't do the trick, I expected
something like net rpc passwd...



More information about the samba mailing list