Populating krbPrincipalName multivalued (Was: Re: LDAP searches for Kerberos entries)
Greg Hudson
ghudson at mit.edu
Sat Feb 14 16:26:45 EST 2015
On 02/14/2015 02:20 AM, Gergely Czuczy wrote:
> So, actually there's a difference between an alias, and the -x linkdn=
> option?
> The alias is technically the very same principal, and addprinc -x
> linkdn= is a new principal, linked to an already existing entry in LDAP?
linkdn is totally different from aliases. The -x linkdn option just
sets a krbObjectReferences attribute on a standalone principal object.
This attribute has no particular semantics to the KDC or kadmind; it
might have meaning to an external LDAP administration tool (such as
eDirectory, which our LDAP support originally came from).
More information about the Kerberos
mailing list