Principal to directory object mapping

Matt Crawford crawdad at fnal.gov
Wed Jul 26 10:34:19 EDT 2006


On Jul 26, 2006, at 5:37 AM, S Rahul wrote:

> 3. Principals will be associated with DNs in one of the following ways
>     3.1. Rule based mapping: If '-x dn' is not used, rules in krb5.conf
>        will be used to perform the mapping.

I do not think krb5.conf is a good place for rules which are used  
specifically by kadmin, as someone could lay a trap for the  
insufficiently cautious admin.  Sure, the latter should not exist,  
but have you been out in the real world lately?  The security-work to  
security-clue ratio is rising (even as clue increases overall).

Can this be sensibly done through kdc.conf?



