LDAP schema questions

Luke Howard lukeh at padl.com
Tue Jun 20 09:38:12 EDT 2006


>In the current implementation, all the attributes and their values (except for krbsecretkey)
>are shared by all the principals attached to a user.
>
>We understand that some of these attribute values (like principal expiration time
>and password expiration time) may differ between principals. We are looking at
>creating separate principal objects when more than one principal is associated 
>with a user object.

The "user" is a construction internal to eDirectory, correct? So
the current implementation should not care what structural class
user principals are associated with as long as it is not
krbPrincipalAux? i.e., is there anything in the code which actually
cares about the association between krbPrincipal and a user, apart
from possibly UP synchronization?

(Again, I think that using the object class to determine principal
type is undesirable but see previous mail.)

-- Luke
