krb5-sync-plugin - MIT Kerberos Active Directory synchronization plugin

Property Value
Distribution Debian 8 (Jessie)
Repository Debian Main amd64
Package name krb5-sync-plugin
Package version 3.0
Package release 4
Package architecture amd64
Package type deb
Installed size 117 B
Download size 34.04 KB
Official Mirror
This plugin synchronizes passwords changed via kadmin or kpasswd to a
foreign realm via the Kerberos password change protocol (normally, but
not necessarily, an Active Directory realm).  It can also propagate
changes to the DISALLOW_ALL_TIX flag to Windows Active Directory using
This package provides a plugin for the MIT Kerberos KDC and will not work
with Heimdal.


Package Version Architecture Repository
krb5-sync-plugin_3.0-4_i386.deb 3.0 i386 Debian Main
krb5-sync-plugin - - -


Name Value
libc6 >= 2.14
libkadm5srv-mit9 >= 1.12~alpha1+dfsg
libkrb5-3 >= 1.10+dfsg~alpha1
libldap-2.4-2 >= 2.4.7
multiarch-support -


Type URL
Binary Package krb5-sync-plugin_3.0-4_amd64.deb
Source Package krb5-sync

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install krb5-sync-plugin deb package:
    # sudo apt-get install krb5-sync-plugin




2014-04-13 - Russ Allbery <>
krb5-sync (3.0-4) unstable; urgency=medium
* Actually use dh_autoreconf rather than only depending on it.  Thanks
to Matthias Klose for the report.  (Closes: #744600)
* Enable parallel builds.
2014-02-09 - Russ Allbery <>
krb5-sync (3.0-3) unstable; urgency=medium
* The change in 3.0-3 fixed the test suite failure on all architectures
except armel, which appears to still be failing with a variation on
the original issue.  Further expand the valid timing range on the
test, since this seems to be on the right track but just didn't go far
2014-02-09 - Russ Allbery <>
krb5-sync (3.0-2) unstable; urgency=medium
* Fix the tools/backend test suite to be less sensitive to timing when
queuing changes.  (Closes: #738364)
2013-12-09 - Russ Allbery <>
krb5-sync (3.0-1) unstable; urgency=low
* New upstream release.
- Module name changed to  This will require configuration
changes in the KDC krb5.conf or kdc.conf configuration file in the
[plugins] section.
- The ad_ldap_base configuration parameter must now contain the full
DN of the tree in Active Directory where account information is
stored, and is now mandatory for status synchronization.
- New option ad_base_instance, which allows an instance's password to
be synchronized to the unqualified principal name in Active
- New option ad_queue_only that, if set to true, forces queuing of all
changes rather than pushing any changes immediately.
- New option syslog that, if set to false, suppresses supplemental
syslog logging of notice, info, and debug messages.
- All failed Active Directory password changes are now queued, instead
of just those that returned specific errors.
- krb5-sync-backend now requires its parameters be given after the
- krb5-sync-backend now supports a -d option to specify the path to
the queue directory.
- krb5-sync-backend process skips queue files that no longer exist by
the time we get to them.
* Update standards version to 3.9.5 (no changes required).
2013-05-11 - Russ Allbery <>
krb5-sync (2.3-2) unstable; urgency=low
* Upload to unstable.
* Update standards version to 3.9.4.
- Add Vcs-Git and Vcs-Browser control fields.
2012-09-18 - Russ Allbery <>
krb5-sync (2.3-1) experimental; urgency=low
* New upstream release.
- Also protect against a NULL password on Heimdal.
- Ignore "Operation not permitted" errors in krb5-sync-backend when
running in silent mode.
* Switch to xz compression for the upstream and Debian tarballs and the
Debian packages.
* Mark krb5-sync-tools Multi-Arch: foreign.
* Remove debugging display of config.log from the build rules.
* Convert debian/copyright to copyright-format 1.0.
* Update standards version to 3.9.3 (no changes required).
2012-09-17 - Russ Allbery <>
krb5-sync (2.2-3) unstable; urgency=low
* Apply upstream commit to silently ignore password changes with a NULL
password, only new keys.  This represents a key randomization, such as
from addprinc -randkey, which is outside the synchronization scope of
this package.  Without this change, the plugin would segfault on that
operation.  (Closes: #687346)
2012-02-07 - Russ Allbery <>
krb5-sync (2.2-2) unstable; urgency=low
* Fix debian/rules syntax for setting hardening flags and enable bindnow
and PIE.
* Regenerate the Autotools build system with dh-autoreconf.
* Bump debhelper dependency to 9 now that compatibility mode V9 is no
longer experimental.
* Move single-debian-patch to local-options and patch-header to
local-patch-header so that they only apply to the packages I build and
NMUs get regular version-numbered patches.

See Also

Package Description
krb5-sync-tools_3.0-4_amd64.deb Kerberos Active Directory synchronization tools
krb5-user_1.12.1+dfsg-19+deb8u4_amd64.deb Basic programs to authenticate using MIT Kerberos
krdc_4.14.1-1_amd64.deb Remote Desktop Connection client
krecipes-data_2.0~beta2-3_all.deb recipes manager for KDE - data files
krecipes-doc_2.0~beta2-3_all.deb recipes manager for KDE - documentation
krecipes_2.0~beta2-3_amd64.deb recipes manager for KDE
kredentials_2.0~pre3-1.1_amd64.deb KDE taskbar applet to update kerberos/AFS credentials
kremotecontrol_4.14.2-1_amd64.deb frontend for using remote controls
krename_4.0.9-3+b1_amd64.deb powerful batch renamer for KDE
kreversi_4.13.1-1_amd64.deb reversi board game
krfb_4.14.2-1_amd64.deb Desktop Sharing utility
krita-data_2.8.5+dfsg-1_all.deb data files for Krita painting program
krita-gemini_2.8.5+dfsg-1+b2_amd64.deb fusion between Krita Sketch and Krita Desktop
krita-sketch_2.8.5+dfsg-1+b2_amd64.deb touch-friendly version of krita
krita_2.8.5+dfsg-1+b2_amd64.deb pixel-based image manipulation program for the Calligra Suite