Principal attributes and policy in LDAP Realm
Klaus Heinrich Kiwi
klausk at linux.vnet.ibm.com
Mon Jun 16 19:00:46 EDT 2008
On Mon, 2008-06-09 at 02:52 -0600, Savitha R wrote:
> Last modification time is part of tl_data and entry's tl_data is
> stored
> in krbExtraData attribute.
Is there a better description of what's in the tl_data structure? I saw
some #defines in the kdb_ldap.h header file but couldn't correlate to
anything just by looking at their names. Also, looks like this tl_data
structure has a function outside the kdb abstraction layer domain (ie.:
it's used within the KDC itself). Could you give me any insight of how
it's being used and where? The description in the Schema file ("holds
the application specific data") is a little confusing (application here
refers to the Kerberos protocol? MIT KDC implementation? the LDAP KDB
plugin itself?)
The IBM LDAP Schema can carry all kinds of data within a realm or
principal object, so I'm trying to figure it out how to carry those with
minimal change to the current LDAP KDB plugin code.
Thanks,
-Klaus
--
Klaus Heinrich Kiwi <klausk at linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center
More information about the Kerberos
mailing list