LDAP Schema Design Suggestions?

Edgecombe, Jason jwedgeco at uncc.edu
Wed Oct 25 08:22:42 EDT 2006


What about making positions as owners?

people <-> positions <-> machines. People may have multiple
positions/jobs and the job is responsible for the machine.  

Jason

Jason Edgecombe
Solaris & Linux Administrator
Mosaic Computing Group, College of Engineering
UNC-Charlotte
Phone: (704) 687-3514
 

-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On
Behalf Of Henry B. Hotz
Sent: Wednesday, October 25, 2006 12:30 AM
To: Nicolas Williams
Cc: lukeh at padl.com; kerberos at mit.edu
Subject: Re: LDAP Schema Design Suggestions?


On Oct 24, 2006, at 7:35 PM, Nicolas Williams wrote:

> On Tue, Oct 24, 2006 at 06:19:04PM -0700, Henry B. Hotz wrote:
>> No, I'm not talking about using LDAP to store the back-end for a KDC.
>>
>> I'm wondering if there are any thoughts or wisdom related to RFC 2307
>> (or successors) about how to store meta-information about Kerberos
>> principals.  That RFC defines schema's for "machines" and things with
>> IP numbers.  I also need to associate an "owner" for non-people
>> principals.
>
> Users don't make good owners.  They change job descriptions, go on
> extended vactions/sabatticals, leave, die, are laid off, are fired...
>
> IMO groups make much better owners.
>
> Nico
> --  

Yeah, OK.  I just don't have an organizationally meaningful  
alternative available.

Other people on the list should take note though.

------------------------------------------------------------------------

----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu


________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list