Principal to directory object mapping

Matt Crawford crawdad at
Wed Jul 26 10:34:19 EDT 2006

On Jul 26, 2006, at 5:37 AM, S Rahul wrote:

> 3. Principals will be associated with DNs in one of the following ways
>     3.1. Rule based mapping: If '-x dn' is not used, rules in  
> krb5.conf
>        will be used to perform the mapping.

I do not think krb5.conf is a good place for rules which are used  
specifically by kadmin, as someone could lay a trap for the  
insufficiently cautious admin.  Sure, the latter should not exist,  
but have you been out in the real world lately?  The security-work to  
security-clue ratio is rising (even as clue increases overall).

Can this be sensibly done through kdc.conf?

More information about the krbdev mailing list