[kdc-schema] Preliminary draft of LDAP Kerberos schema
Neal-Joslin, Robert (HP-UX Lab R&D)
bob.joslin at hp.com
Wed May 18 12:18:41 EDT 2005
I would concur with Leif's comments. I also have a couple observations.
Should a KDC schema be defining a password and account security policy?
Or should one of the many policies already defined be leveraged? I have
usability concerns when it comes to storing multiple policy syntaxes in
the a directory server, one that integrates authentication for both
LDAP-enabled and Kerberos-enabled applications.
Also, the information model for a Kerberos principle is similar (though
more restricted) to that of the "uid" attribute. Is yet another
identity descriptor a good thing?
Bob
________________________________
From: kdc-schema-bounces at mit.edu
[mailto:kdc-schema-bounces at mit.edu] On Behalf Of Rajasekaran Nagarajan
Sent: Monday, May 16, 2005 8:49 PM
To: kdc-info at mit.edu; kdc-schema at mit.edu
Subject: [kdc-schema] Preliminary draft of LDAP Kerberos schema
Attached is a preliminary draft of LDAP Kerberos schema.
Please, provide your comments on this, so that it can be refined
to be generic enough for catering to the needs of different Kerberos
distributions.
- Raj
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/kdc-schema/attachments/20050518/86485dcb/attachment.htm
More information about the kdc-schema
mailing list