[Kdc-info] Preliminary draft of LDAP Kerberos schema
Nicolas Williams
Nicolas.Williams at sun.com
Fri Jun 16 17:43:19 EDT 2006
On Sat, Jun 17, 2006 at 07:34:38AM +1000, Luke Howard wrote:
>
> >I understood that the Microsoft implementation, or at least one
> >version of it, used a timestamp to generate the kvno, not a sequence
> >of small integers. The RFC 4120 protocol allows for 32-bit unsigned
> >kvno values.
>
> Was this pre-W2K3? I thought the kvno was fixed in W2K and the value
> of monotonically increasing msDS-KeyVersionNumber attribute in W2K3.
Nonetheless...
Also, can someone confirm if the Novell idea is to store in krbSecretKey
pretty much the same stuff that the MIT db2 backend stores?
More information about the krbdev
mailing list