[Kdc-info] Preliminary draft of LDAP Kerberos schema
K.G. Gokulavasan
kgokulavasan at novell.com
Fri Jun 16 06:41:11 EDT 2006
>>> On 6/1/06 at 1:05 AM, in message
<20060531193513.GM11607 at binky.Central.Sun.COM>, Nicolas Williams
<Nicolas.Williams at sun.com> wrote:
> On Mon, Jan 30, 2006 at 10:45:09PM -0700, Rajasekaran Nagarajan
wrote:
>> Hi Nico:
>>
>> Thanks very much for your comments. I shall appropriately
incorporate
>> these comments in the draft and post the updated draft soon.
>
> Well?
>
> BTW, MIT is getting close to shipping and I'm concerned. I'm
> particularly concerned about the lack of versioning of the
krbSecretKey
> attribute, the 16-bit kvno, the lack of a master key vno, etc...
>
> I think MIT ought to fix this now if at all possible. If there
exist
> deployments of this schema then rename krbSecretKey now and fix its
> contents' format.
>
Sorry for the late reply. Versioning will be included as part of the
attribute. As there already exists deployment of this schema, I will
rename the attribute. Master Key vno is already part of krbSecretKey
attribute(5th & 6th bytes). Is 16-bit not sufficient for kvno and master
kvno (it can have value upto 65535)?
Regards,
Gokul.
More information about the krbdev
mailing list