concerns with ldap plugin and 1.5
Nicolas Williams
Nicolas.Williams at Sun.COM
Thu Jun 1 12:32:19 EDT 2006
On Thu, Jun 01, 2006 at 05:25:35AM -0600, Praveenkumar Sahukar wrote:
> >>> On Thu, Jun 1, 2006 at 6:23 AM, in message
> <20060601005356.GA27225 at sun.com>,
> > - Is there no concern about interface consistency between use of
> > kdb5_util and krb5_ldap_util? The current situation where one
> must
> > use kdb5_ldap_util to create/initialize a directory based KDB
> seems
> > awkward to me.
>
> We did consider to use kdb5_util interface for the LDAP backend. But
> the existing commands were not sufficient for the LDAP backend and a lot
> of additional LDAP backend specific options were needed even for the
> basic commands currently available in kdb5_util (like create). With
> these difference it was obvious for the kdb5_util interface to change.
> So we decided to go with a separate utility.
It's really not clear that a new command was needed.
I see this as evidence that the new SPI is not sufficiently generic.
If the SPI were sufficiently generic there'd be a way to deal with
backend-specific create/init options passed through the kdb5_util
command.
Nico
--
More information about the krbdev
mailing list