[Kdc-info] Preliminary draft of LDAP Kerberos schema
Will Fiveash
William.Fiveash at sun.com
Tue Feb 14 19:11:52 EST 2006
On Mon, May 16, 2005 at 09:48:42PM -0600, Rajasekaran Nagarajan wrote:
> Attached is a preliminary draft of LDAP Kerberos schema.
>
> Please, provide your comments on this, so that it can be refined to be
> generic enough for catering to the needs of different Kerberos
> distributions.
> Network Working Group Nagarajan
> Internet-Draft Novell, Inc.
> Expires: November 18, 2005 May 17, 2005
>
>
> Kerberos version 5 schema for LDAP Directories
> draft-rajasekaran-kerberos-schema-00
>
[...]
> 4.3 krbService
>
> krbService class is an abstract class and serves as a super class for
> krbKdcService, krbAdmService and krbPwdService.
>
> An instance of a class derived from krbService is created per
> Kerberos authentication or administration server or password server
> in a realm and holds the references to the realm objects. These
> references are used to further read realm specific data to service
> AS/TGS requests. Additionally this object contains some server
> specific data like pathnames and ports that the server uses. This is
> the identity the Kerberos server logs in with. krbKdcService and
> krbPwdService all derive from this class.
>
> Definition:
> ( IANA-ASSIGNED-OID.6.3
> NAME 'krbService'
> ABSTRACT
> SUP ( top $ Server $ ndsLoginProperties )
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^
A coworker at Sun points out:
The krbService is a subclass of 2 Novell-specific objectClasses,
not standard (server and ndsLoginProperties).
Will this be addressed in the upcoming revision?
> MUST ( cn )
> MAY ( krbHostServer $ krbServiceFlags $ krbRealmReferences ))
>
> Naming Attribute:
> cn
>
> Containment:
> organization, organizationalunit, country, locality, domain,
> krbRealmContainer
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
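
Added example, not part of the original message or of the draft: a Python check that parses the quoted krbService definition and lists the SUP classes a target directory does not define. KNOWN_CLASSES is a constructed sample of standard class names, and the function names are hypothetical.

```python
import re

# Constructed sample: object classes a non-Novell directory is assumed to
# define (a few standard names from RFC 4512 / RFC 4519, not a full schema).
KNOWN_CLASSES = {"top", "person", "organization", "organizationalUnit",
                 "country", "locality", "device", "applicationProcess"}

# The definition quoted in the message, OID placeholder kept as in the draft.
KRB_SERVICE = """( IANA-ASSIGNED-OID.6.3
    NAME 'krbService'
    ABSTRACT
    SUP ( top $ Server $ ndsLoginProperties )
    MUST ( cn )
    MAY ( krbHostServer $ krbServiceFlags $ krbRealmReferences ))"""

LISTS = ("NAME", "SUP", "MUST", "MAY")
KINDS = ("ABSTRACT", "STRUCTURAL", "AUXILIARY")

def tokenize(text):
    """Split a definition into parens, '$', quoted strings and bare words."""
    return re.findall(r"\(|\)|\$|'[^']*'|[^\s()$']+", text)

def parse_objectclass(text):
    """Parse one objectClass description into oid, kind and its name lists."""
    toks = tokenize(text)
    if len(toks) < 3 or toks[0] != "(":
        raise ValueError("not an objectClass description")
    # RFC 4512: a class with no kind keyword is STRUCTURAL.
    out = {"oid": toks[1], "kind": "STRUCTURAL", **{k: [] for k in LISTS}}
    i = 2
    while i < len(toks):
        tok = toks[i]
        i += 1
        if tok in KINDS:
            out["kind"] = tok
        elif tok in LISTS:
            if i < len(toks) and toks[i] == "(":   # parenthesised '$' list
                end = toks.index(")", i)
                items, i = toks[i + 1:end], end + 1
            else:                                  # single bare or quoted value
                items, i = toks[i:i + 1], i + 1
            out[tok] = [t.strip("'") for t in items if t != "$"]
    return out

def unresolved_superclasses(defn, known):
    """Return SUP classes missing from `known` (names compare case-insensitively)."""
    have = {k.lower() for k in known}
    return [s for s in defn["SUP"] if s.lower() not in have]
```

For KRB_SERVICE and the sample set above, unresolved_superclasses() returns Server and ndsLoginProperties, the two classes named in the message.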