Storing user-defined attributes in Kerberos5?

Greg Hudson ghudson at MIT.EDU
Sun Apr 27 11:53:32 EDT 2014


On 04/25/2014 09:35 AM, Wendy Lin wrote:
> Does Kerberos5 have the ability to store user-defined attributes
> somewhere and distribute them to the Kerberos5 clients?

Short answer: not really, and that's more of a job for something like LDAP.

As I don't know the details of your use case, I should note that some
implementations of Kerberos do convey specific attributes about client
principals to application servers (not clients) via the authdata field
in the ticket.  The most well-known instance of this is the Microsoft
PAC, described at http://msdn.microsoft.com/en-us/library/cc237917.aspx

