From William.Fiveash at sun.com  Tue Feb 14 19:11:52 2006
From: William.Fiveash at sun.com (Will Fiveash)
Date: Tue, 14 Feb 2006 18:11:52 -0600
Subject: [Kdc-info] Preliminary draft of LDAP Kerberos schema
In-Reply-To:
References:
Message-ID: <20060215001152.GA6668@sun.com>

On Mon, May 16, 2005 at 09:48:42PM -0600, Rajasekaran Nagarajan wrote:
> Attached is a preliminary draft of LDAP Kerberos schema.
>
> Please, provide your comments on this, so that it can be refined to be
> generic enough for catering to the needs of different Kerberos
> distributions.

> Network Working Group                                        Nagarajan
> Internet-Draft                                            Novell, Inc.
> Expires: November 18, 2005                                May 17, 2005
>
>
>              Kerberos version 5 schema for LDAP Directories
>                   draft-rajasekaran-kerberos-schema-00
>
[...]
> 4.3  krbService
>
>    krbService class is an abstract class and serves as a super class for
>    krbKdcService, krbAdmService and krbPwdService.
>
>    An instance of a class derived from krbService is created per
>    Kerberos authentication or administration server or password server
>    in a realm and holds the references to the realm objects.  These
>    references are used to further read realm specific data to service
>    AS/TGS requests.  Additionally this object contains some server
>    specific data like pathnames and ports that the server uses.  This is
>    the identity the Kerberos server logs in with.  krbKdcService and
>    krbPwdService all derive from this class.
>
>    Definition:
>    ( IANA-ASSIGNED-OID.6.3
>    NAME 'krbService'
>    ABSTRACT
>    SUP ( top $ Server $ ndsLoginProperties )
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
A coworker at Sun points out:

The krbService is a subclass of 2 Novell's specific objectClasses, not
standard (server and ndsLoginProperties).

Will this be addressed in the upcoming revision?

>    MUST ( cn )
>    MAY ( krbHostServer $ krbServiceFlags $ krbRealmReferences ))
>
>    Naming Attribute:
>    cn
>
>    Containment:
>    organization, organizationalunit, country, locality, domain,
>    krbRealmContainer

--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
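
An added example, not part of the original message or of the draft: a small Python check that extracts the SUP list from the krbService definition quoted above and reports every superclass outside the object classes defined by RFC 4512 and RFC 4519. The function names and the choice of that set as the portability baseline are assumptions made for this illustration.

```python
import re

# Assumed baseline: 'top' (RFC 4512) plus the RFC 4519 object classes.
# Any other superclass must come from a directory vendor's own schema.
STANDARD_CLASSES = {
    "top", "applicationprocess", "country", "dcobject", "device",
    "groupofnames", "groupofuniquenames", "locality", "organization",
    "organizationalperson", "organizationalrole", "organizationalunit",
    "person", "residentialperson", "uidobject",
}

def oid_list(definition, keyword):
    """Return the names following KEYWORD, written as 'X' or '( X $ Y )'."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|([\w.;-]+))" % keyword, definition)
    if not m:
        return []
    body = m.group(1) if m.group(1) is not None else m.group(2)
    return [name.strip() for name in body.split("$") if name.strip()]

def nonstandard_superclasses(definition, known=STANDARD_CLASSES):
    """List SUP classes that are not in the known set (case-insensitive)."""
    return [c for c in oid_list(definition, "SUP") if c.lower() not in known]

# krbService as quoted from draft-rajasekaran-kerberos-schema-00 above.
KRB_SERVICE = """( IANA-ASSIGNED-OID.6.3
    NAME 'krbService'
    ABSTRACT
    SUP ( top $ Server $ ndsLoginProperties )
    MUST ( cn )
    MAY ( krbHostServer $ krbServiceFlags $ krbRealmReferences ))"""

if __name__ == "__main__":
    for cls in nonstandard_superclasses(KRB_SERVICE):
        print("non-standard superclass:", cls)
```

Run against a full schema file, the same check shows which definitions would fail to load on a directory server that lacks the vendor classes.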