question about princ type assignment in krb5_ldap_get_principal()

Praveen Kumar Sahukar psahukar at novell.com
Tue Jun 20 13:54:39 EDT 2006


On Mon, 2006-06-19 at 12:42 -0500, Will Fiveash wrote:
> On Sat, Jun 17, 2006 at 11:23:00AM -0400, Sam Hartman wrote:
> > 
> > I guess my point is that outside of edirectory these attributes are
> > not used, so I'm not sure why we on this list care about them.
> > 
> > If you are trying to give Novell advice for their product, that's
> > certainly reasonable, but please distinguish from advice for MIT
> > Kerberos.
> > 
> > Luke has made the point that he doesn't believe the edirectory
> > specific behavior belongs in MIT Kerberos.  I can see both sides of
> > that.  It would be nice to make Novell's merge and code maintenance
> > job easier since they contributed the code.  However it would also be
> > nice to make the code MIT ships cleaner.
> > 
> > What we told Novell is that edirectory behavior was fine provided that
> > it was under ifdefs.
> 
> I understand your point and I am aware of the "#ifdef HAVE_EDIRECTORY"
> code sections and have avoided commenting on those because I understand
> those contain function specific to Novell's eDirectory.  I made the
> comment about the princ type logic because I was chasing a bug and ran
> across that code which is not in an eDirectory section so I assumed it
> was a general implementation issue.

We are considering removing the logic of deriving the principal type
from the objectclass (krbPrincipal) and maybe use an additional attribute
for the same.

Based on the decision, the logic will be changed but we have planned to
move away from the logic of deciding the principal type based on the
object class the principal belongs to. 

-Praveen


