add principal to kerberos with ldap backend
Savitha R
rsavitha at novell.com
Wed May 16 07:56:40 EDT 2007
>>> On Tue, May 15, 2007 at 2:48 PM, in message
<200705151218.29970.ntenev at orbitel.bg>, Nikolai Tenev <ntenev at orbitel.bg>
wrote:
> Hi everyone,
> sorry if mu question is dump, but I can't find answer in documentation. I
> setup and running MIT Kerberos 1.6 with LDAP backend and can add principals
> with kadmin tool. Now I need a solution (if it's possible) to add principal
> directly to LDAP, but can't find info how to create ldif file, especially
> for
> values of krbPrincipalKey and krbExtraData. Is anyone know how these fields
> are constructed ?
>
It is not possible to add the krbPrincipalKey attribute through a
LDIF file. The format of the value for this attribute is described in
in the schema file(kerberos.ldif)
krbExtraData is a multivalued octet string attribute. Each value
contains a type and value. Currently only a single value is stored.
First 16 bits has 0x0002 for the value type. Next 32 bits has the
entry creation/modification time (time since the Epoch
(00:00:00 UTC, January 1, 1970), measured in seconds)
in little endian format. This is followed by the name of the
principal modifying the entry.
-Savitha
More information about the Kerberos
mailing list