An alternative plan for principal mapping

Andrew Bartlett abartlet at
Thu Aug 3 20:33:59 EDT 2006

On Thu, 2006-08-03 at 13:39 +0530, S Rahul wrote:
> As I said, these are two extensions for enforcing login policy ... not
> for reading user password from the directory.

You miss my point (I described how Novell eDirectory and Samba 3.0
currently do this dance), but is there any documentation on these
extensions, and are these being proposed as standards anywhere?  

Samba4 has very similar needs in applying additional access control
steps, and it would save me a lot of work if the standard MIT Kerberos
w/LDAP just happened to ask the questions in a way I can support...

My particular need is for details of both the user and the ticket
addresses they requested (and I suppose, the address the ticket actually
came from).  Microsoft hides a netbios name in there, and we need to
check that.


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the krbdev mailing list