[keycloak-dev] Password Changes with Kerberos

Steven Mirabito stevenmirabito at gmail.com
Thu Jan 26 16:16:04 EST 2017

Hi all,

I didn't see anything in Jira regarding this, so I figured I'd ask here. I
have an organization that uses OpenLDAP and Kerberos to authenticate users,
and have set up an LDAP federation provider and enabled Kerberos
integration. That part works great, but if I enable write on the federation
provider and try to change a user's password, it attempts to update the
password through LDAP and not Kerberos. I took a look
at LDAPStorageProvider.java and it appears that there isn't support for
updating credentials via Kerberos when Kerberos integration is enabled, and
the Kerberos federation provider itself doesn't currently support password

As this is necessary to enable password changes through Keycloak for my
organization, I wanted to reach out and see if there were any suggestions
as to how I could go about implementing this and to get any feedback or
concerns regarding this feature. It looks fairly simple to implement with
the ApacheDS kerberos-client: http://stackoverflow.com/a/34575316



More information about the keycloak-dev mailing list