add principal to kerberos with ldap backend

Savitha R rsavitha at
Wed May 16 07:56:40 EDT 2007


>>> On Tue, May 15, 2007 at  2:48 PM, in message
<200705151218.29970.ntenev at>, Nikolai Tenev <ntenev at>
> Hi everyone,
> sorry if my question is dumb, but I can't find an answer in the documentation.
> I have set up and am running MIT Kerberos 1.6 with an LDAP backend and can add
> principals with the kadmin tool. Now I need a solution (if it's possible) to
> add a principal directly to LDAP, but I can't find info on how to create an
> LDIF file, especially for the values of krbPrincipalKey and krbExtraData.
> Does anyone know how these fields are constructed?
It is not possible to add the krbPrincipalKey attribute through an
LDIF file. The format of the value for this attribute is described
in the schema file (kerberos.ldif).

krbExtraData is a multivalued octet string attribute. Each value
contains a type and a value. Currently only a single value is stored.
The first 16 bits hold 0x0002 for the value type. The next 32 bits hold
the entry creation/modification time (time since the Epoch
(00:00:00 UTC, January 1, 1970), measured in seconds)
in little-endian format. This is followed by the name of the
principal modifying the entry.
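The krbExtraData layout described in the reply above, decoded in Python as an added example that is not part of the original post and is not MIT Kerberos code. Assumptions: the 16-bit type is read big-endian (the post gives a byte order only for the time field), a trailing NUL after the name is tolerated, and the function names and the sample principal are hypothetical.

```python
import base64
import struct
from datetime import datetime, timezone

MOD_PRINC_TYPE = 0x0002  # value type stated in the post
HEADER_LEN = 6           # 16-bit type + 32-bit time


def build_extra_data(mod_time: int, modifier: str) -> bytes:
    """Build a constructed sample value in the layout the post describes."""
    # Assumption: type is big-endian (bytes 00 02); time is little-endian per the post.
    header = struct.pack(">H", MOD_PRINC_TYPE) + struct.pack("<I", mod_time)
    return header + modifier.encode("utf-8")


def parse_extra_data(value: bytes) -> dict:
    """Decode one krbExtraData value: who last modified the entry, and when."""
    if len(value) < HEADER_LEN:
        raise ValueError("value shorter than the 6-byte type/time header")
    (vtype,) = struct.unpack_from(">H", value, 0)
    if vtype != MOD_PRINC_TYPE:
        raise ValueError(f"unexpected value type 0x{vtype:04x}")
    (mod_time,) = struct.unpack_from("<I", value, 2)
    # Assumption: strip a trailing NUL terminator if the writer stored one.
    modifier = value[HEADER_LEN:].rstrip(b"\x00").decode("utf-8")
    return {
        "type": vtype,
        "mod_time": mod_time,
        "mod_time_utc": datetime.fromtimestamp(mod_time, tz=timezone.utc),
        "modifier": modifier,
    }


def parse_ldif_value(b64_text: str) -> dict:
    """Decode the base64 form LDIF uses for binary values (attr:: <base64>)."""
    return parse_extra_data(base64.b64decode(b64_text, validate=True))


if __name__ == "__main__":
    # Constructed sample: timestamp and principal name are made up for the demo.
    raw = build_extra_data(1179316600, "admin/admin@EXAMPLE.COM")
    ldif_text = base64.b64encode(raw).decode("ascii")
    print("krbExtraData::", ldif_text)
    print(parse_ldif_value(ldif_text))
```

Run over an exported LDIF, this shows which principal last touched each entry and when, which is useful when auditing changes made outside kadmin.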

