krbUPEnabled LDAP attribute

Klaus Heinrich Kiwi klausk at linux.vnet.ibm.com
Mon Jun 16 23:07:10 EDT 2008


Is this attribute actually supported in the current KDB LDAP plugin
implementation? ie.: The only code I can see that it's dealing with this
attribute in the current tree refers to setting the permissions to this
attribute in the LDAP Database (ldap_service_rights.c).

And what actually means that "directory User Password has to be
used" (krbUPEnabled=TRUE)? The required password to authenticate a user
principal would be the same password used to bind with this user DN in
the directory? Is that possible with the current KDB Abstraction Layer?

Thanks!

 -Klaus


-- 
Klaus Heinrich Kiwi <klausk at linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center




More information about the Kerberos mailing list