LDAP Schema Design Suggestions?

Henry B. Hotz hotz at jpl.nasa.gov
Wed Oct 25 00:29:37 EDT 2006


On Oct 24, 2006, at 7:35 PM, Nicolas Williams wrote:

> On Tue, Oct 24, 2006 at 06:19:04PM -0700, Henry B. Hotz wrote:
>> No, I'm not talking about using LDAP to store the back-end for a KDC.
>>
>> I'm wondering if there are any thoughts or wisdom related to RFC 2307
>> (or successors) about how to store meta-information about Kerberos
>> principals.  That RFC defines schemas for "machines" and things with
>> IP numbers.  I also need to associate an "owner" for non-people
>> principals.
>
> Users don't make good owners.  They change job descriptions, go on
> extended vacations/sabbaticals, leave, die, are laid off, are fired...
>
> IMO groups make much better owners.
>
> Nico
> --  

Yeah, OK.  I just don't have an organizationally meaningful  
alternative available.

Other people on the list should take note though.

----------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu




