question about princ type assignment in krb5_ldap_get_principal()

Sam Hartman hartmans at MIT.EDU
Wed Jun 14 11:07:39 EDT 2006


>>>>> "Praveen" == Praveen Kumar Sahukar <psahukar at novell.com> writes:

    Praveen> On Tue, 2006-06-13 at 19:49 -0500, Will Fiveash wrote:
    >> In krb5_ldap_get_principal() in
    >> src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c I see:
    >> 
    >> if ((values=ldap_get_values(ld, ent, "objectclass")) != NULL) {
    >>     for(i=0; values[i] != NULL; ++i)
    >>         if (strcasecmp(values[i], "krbprincipal") == 0) {
    >>             ptype = KDB_SERVICE_PRINCIPAL;
    >>             break;
    >>         }
    >>     ldap_value_free(values);
    >> }
    >> 
    >> Why is ptype set to KDB_SERVICE_PRINCIPAL if the objectclass is
    >> krbprincipal?

    Praveen> Kerberos principals created on krbprincipal object class
    Praveen> (by extending with the krbprincipalaux aux class) are
    Praveen> considered as Kerberos service principals. Thus Kerberos
    Praveen> principals like kadmin/admin, krbtgt/realmname ... are
    Praveen> created as krbprincipal object class.

    Praveen> Kerberos principals created by extending other structural
    Praveen> object classes with the krbprincipalaux aux class are
    Praveen> considered as the user principals.

This seems rather specific to your deployment.

What distinction does the code make based on this type?

--Sam



