LDAP Schema Design Suggestions?

Edgecombe, Jason jwedgeco at uncc.edu
Wed Oct 25 08:22:42 EDT 2006

What about making positions as owners?

people <-> positions <-> machines. People may have multiple
positions/jobs and the job is responsible for the machine.  


Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
Phone: (704) 687-3514

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Henry B. Hotz
Sent: Wednesday, October 25, 2006 12:30 AM
To: Nicolas Williams
Cc: lukeh at padl.com; kerberos at mit.edu
Subject: Re: LDAP Schema Design Suggestions?

On Oct 24, 2006, at 7:35 PM, Nicolas Williams wrote:

> On Tue, Oct 24, 2006 at 06:19:04PM -0700, Henry B. Hotz wrote:
>> No, I'm not talking about using LDAP to store the back-end for a KDC.
>> I'm wondering if there are any thoughts or wisdom related to RFC 2307
>> (or successors) about how to store meta-information about Kerberos
>> principals.  That RFC defines schema's for "machines" and things with
>> IP numbers.  I also need to associate an "owner" for non-people
>> principals.
> Users don't make good owners.  They change job descriptions, go on
> extended vactions/sabatticals, leave, die, are laid off, are fired...
> IMO groups make much better owners.
> Nico
> --  

Yeah, OK.  I just don't have an organizationally meaningful  
alternative available.

Other people on the list should take note though.


The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu

Kerberos mailing list           Kerberos at mit.edu

More information about the Kerberos mailing list