krb5-sync-tools - Kerberos Active Directory synchronization tools

Distribution: Debian 8 (Jessie)
Repository: Debian Main amd64
Package name: krb5-sync-tools
Package version: 3.0
Package release: 4
Package architecture: amd64
Package type: deb
Installed size: 150 B
Download size: 51.13 KB
Official Mirror:
Provides tools to enable, disable, and set the password of an account in a Windows Active Directory using the same configuration used by the krb5-sync-plugin package. These supporting tools are normally used to handle queued changes created by the plugin that failed due to a temporary error, but can be used on their own.



  • krb5-sync


    Source package: krb5-sync

    Install Howto

    1. Update the package index:
      # sudo apt-get update
    2. Install krb5-sync-tools deb package:
      # sudo apt-get install krb5-sync-tools


    • /usr/sbin/krb5-sync
    • /usr/sbin/krb5-sync-backend
    • /usr/share/doc/krb5-sync-tools/README.gz
    • /usr/share/doc/krb5-sync-tools/TODO
    • /usr/share/doc/krb5-sync-tools/changelog.Debian.gz
    • /usr/share/doc/krb5-sync-tools/changelog.gz
    • /usr/share/doc/krb5-sync-tools/copyright
    • /usr/share/man/man8/krb5-sync-backend.8.gz
    • /usr/share/man/man8/krb5-sync.8.gz


    2014-04-13 - Russ Allbery <> krb5-sync (3.0-4) unstable; urgency=medium * Actually use dh_autoreconf rather than only depending on it. Thanks to Matthias Klose for the report. (Closes: #744600) * Enable parallel builds.

    2014-02-09 - Russ Allbery <> krb5-sync (3.0-3) unstable; urgency=medium * The change in 3.0-3 fixed the test suite failure on all architectures except armel, which appears to still be failing with a variation on the original issue. Further expand the valid timing range on the test, since this seems to be on the right track but just didn't go far enough.

    2014-02-09 - Russ Allbery <> krb5-sync (3.0-2) unstable; urgency=medium * Fix the tools/backend test suite to be less sensitive to timing when queuing changes. (Closes: #738364)

    2013-12-09 - Russ Allbery <> krb5-sync (3.0-1) unstable; urgency=low * New upstream release. - Module name changed to This will require configuration changes in the KDC krb5.conf or kdc.conf configuration file in the [plugins] section. - The ad_ldap_base configuration parameter must now contain the full DN of the tree in Active Directory where account information is stored, and is now mandatory for status synchronization. - New option ad_base_instance, which allows an instance's password to be synchronized to the unqualified principal name in Active Directory. - New option ad_queue_only that, if set to true, forces queuing of all changes rather than pushing any changes immediately. - New option syslog that, if set to false, suppresses supplemental syslog logging of notice, info, and debug messages. - All failed Active Directory password changes are now queued, instead of just those that returned specific errors. - krb5-sync-backend now requires its parameters be given after the subcommand. - krb5-sync-backend now supports a -d option to specify the path to the queue directory. - krb5-sync-backend process skips queue files that no longer exist by the time we get to them. * Update standards version to 3.9.5 (no changes required).

    2013-05-11 - Russ Allbery <> krb5-sync (2.3-2) unstable; urgency=low * Upload to unstable. * Update standards version to 3.9.4. - Add Vcs-Git and Vcs-Browser control fields.

    2012-09-18 - Russ Allbery <> krb5-sync (2.3-1) experimental; urgency=low * New upstream release. - Also protect against a NULL password on Heimdal. - Ignore "Operation not permitted" errors in krb5-sync-backend when running in silent mode. * Switch to xz compression for the upstream and Debian tarballs and the Debian packages. * Mark krb5-sync-tools Multi-Arch: foreign. * Remove debugging display of config.log from the build rules. * Convert debian/copyright to copyright-format 1.0. * Update standards version to 3.9.3 (no changes required).

    2012-09-17 - Russ Allbery <> krb5-sync (2.2-3) unstable; urgency=low * Apply upstream commit to silently ignore password changes with a NULL password, only new keys. This represents a key randomization, such as from addprinc -randkey, which is outside the synchronization scope of this package. Without this change, the plugin would segfault on that operation. (Closes: #687346)

    2012-02-07 - Russ Allbery <> krb5-sync (2.2-2) unstable; urgency=low * Fix debian/rules syntax for setting hardening flags and enable bindnow and PIE. * Regenerate the Autotools build system with dh-autoreconf. * Bump debhelper dependency to 9 now that compatibility mode V9 is no longer experimental. * Move single-debian-patch to local-options and patch-header to local-patch-header so that they only apply to the packages I build and NMUs get regular version-numbered patches.