LDAP schema questions
Sam Hartman
hartmans at MIT.EDU
Tue Jun 13 09:49:07 EDT 2006
>>>>> "Praveen" == Praveen Kumar Sahukar <psahukar at novell.com> writes:
Praveen> On Tue, 2006-06-13 at 22:13 +1000, Luke Howard wrote:
>> >Unless you require that there exist no more than a single
>> principal >per user object then you will have to lock and
>> update multiple objects >as part of the transaction.
>>
>> I would recommend that there be 1:1 mapping between a principal
>> entry in the directory and a principal in Kerberos.
Praveen> What about the directory user associated with more than
Praveen> one Kerberos Realm which results into more than one
Praveen> kerberos identity per directory user ?
I don't understand why this is special or hard.
Please explain.
--Sam
More information about the krbdev
mailing list