Wallet: LDAP

Jan-Piet Mens jpmens.dns at gmail.com
Wed Jun 13 09:45:38 EDT 2012

I think I'm getting the hang of Wallet (0.12) even though I have a pile
of questions (mainly concerning ACLs) I'll save for another time. :)

A bit of `grep' through documentation and source show that the LDAP
verifyer (I believe that's the term) hasn't been implemented yet. I
neither have (nor want) a full NetDB implementation so I thought I'd try
to "fool" it, and I'd basically like confirmation that I'm on the right

What I want is to authorize Wallet principals (users & hosts) against

I've configured NETDB_{REMCTL_CACHE,HOST} in `wallet.conf'. I've also
added a small script to `remctl.conf':

        netdb node-roles /usr/local/bin/mynetdb ANYUSER

All of that works. 

`mynetdb' is:


        # handle args
        #       argv[1] contains principal requested by Wallet client
        #       argv[2] contains "name" (or is that role name?) in
        #           Wallet ACL

        # do the magic: find principal, etc. and:

        echo "user"
        exit 0

The Wallet client reacts correctly to that output; if my script returns
anything other than "admin", "user" or "team" (gleaned from ACL::NetDB)
or exits with 1, the Wallet client tells me  the principal is not
authorized to get the requested object.

Am I on the right track or is all of this horribly wrong?

And since I don't know anything of NetDB: what is the difference (as far
as Wallet is concerned) between user, team and admin?


More information about the Kerberos mailing list