Populating krbPrincipalName multivalued (Was: Re: LDAP searches for Kerberos entries)

Greg Hudson ghudson at mit.edu
Thu Feb 12 11:38:24 EST 2015


On 02/12/2015 03:28 AM, Gergely Czuczy wrote:
> A bit off the topic, but please allow me a question here. I've noticed 
> that addprinc -x dn= only allows a single principal per entry, and -x 
> linkdn= does not put the krbPrincipalName into the specified entry. With 
> utilizing the LDAP backend, what would be the way to make use of the 
> krbPrincipalName's multivalued nature, and have it populated at the ldap 
> entry's values?

We don't have kadmin support for principal aliases, only LDAP KDB module
support.  You have to manage the krbPrincipalName and krbCanonicalName
attributes directly via LDAP in order to create aliases.
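
Added example, not part of the original message and not MIT krb5 project code: a shell function that emits the LDIF for adding one alias to an existing principal entry by writing krbPrincipalName and krbCanonicalName directly. The DN, realm, host names and the function name `krb_alias_ldif` are constructed placeholders, and the character whitelist is a conservative assumption for this example rather than the full Kerberos principal grammar.

```shell
#!/bin/sh
# Emit LDIF that makes ALIAS an alias of CANONICAL on an existing
# principal entry in the LDAP KDB.
# usage: krb_alias_ldif ENTRY_DN CANONICAL ALIAS
krb_alias_ldif() {
    entry_dn=$1 canonical=$2 alias=$3
    # A DN containing a newline could carry extra LDIF records.
    case $entry_dn in
        ''|*'
'*) echo "bad entry DN" >&2; return 1 ;;
    esac
    # Accept only plain name@REALM strings, so a newline or stray LDIF
    # syntax in a principal name cannot smuggle in other modifications.
    for p in "$canonical" "$alias"; do
        case $p in
            ''|*[!A-Za-z0-9._/@-]*|*@*@*|@*|*@)
                echo "bad principal name" >&2; return 1 ;;
            *@*) ;;
            *) echo "missing realm: $p" >&2; return 1 ;;
        esac
    done
    if [ "$canonical" = "$alias" ]; then
        echo "alias equals canonical name" >&2; return 1
    fi
    # krbPrincipalName is multivalued: add the alias as another value.
    # krbCanonicalName names the one canonical principal; replace
    # creates the attribute if the entry does not have it yet.
    cat <<EOF
dn: $entry_dn
changetype: modify
add: krbPrincipalName
krbPrincipalName: $alias
-
replace: krbCanonicalName
krbCanonicalName: $canonical
EOF
}

# Constructed sample values. To apply, pipe the output to ldapmodify, e.g.
#   ... | ldapmodify -x -H ldaps://ldap.example.com -D "$BIND_DN" -W
krb_alias_ldif \
    'krbPrincipalName=host/web1.example.com@EXAMPLE.COM,cn=EXAMPLE.COM,cn=krbContainer,dc=example,dc=com' \
    'host/web1.example.com@EXAMPLE.COM' \
    'host/www.example.com@EXAMPLE.COM'
```

Reviewing the generated LDIF before piping it to ldapmodify shows exactly which attribute values will change on the entry.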


