LDAP schema questions
Praveen Kumar Sahukar
psahukar at novell.com
Wed Jun 14 12:23:38 EDT 2006
On Tue, 2006-06-13 at 08:22 -0500, Nicolas Williams wrote:
> On Wed, Jun 14, 2006 at 12:20:11AM +0530, Praveen Kumar Sahukar wrote:
> > On Tue, 2006-06-13 at 22:13 +1000, Luke Howard wrote:
> > > >Unless you require that there exist no more than a single principal
> > > >per user object then you will have to lock and update multiple objects
> > > >as part of the transaction.
> > >
> > > I would recommend that there be 1:1 mapping between a principal entry
> > > in the directory and a principal in Kerberos.
> >
> > What about the directory user associated with more than one Kerberos
> > Realm which results into more than one kerberos identity per directory
> > user ?
>
> The text you quoted from Luke says nothing about users...
What I meant by user is a 'principal entry in the directory'.
-Praveen
More information about the krbdev
mailing list