DAL API to read Realm Information

P Santoshkumar psantoshkumar at novell.com
Mon Mar 13 05:58:19 EST 2006 

Hello Jeffrey,

We intend to have a DAL API to read the params from the database that
will do the following:-

* If the backend database is db2 then the API will be NULL and the
structures outside DAL(kdc_realm_t and kadm5_config_params) will consist
of the values read from the configuration file.
* If the backend database is an LDAP store then the API will read the
values from the database. It will copy only those values into the
structures outside DAL(kdc_realm_t and kadm5_config_params) that are not
available or that are not read from the configuration file. In this way
even if extra fields are added to the structures then the DAL will take
only those that are available to the LDAP database and the others will
be read from the configuration file.

Thanks and Regards,
Santosh 
 
>>> Jeffrey Altman <jaltman at mit.edu> 03/10/06 9:13 pm >>> 
Santosh:

I would expect that if the principal information is being stored
in the KDB and the KDB backend is LDAP that there must be a method
for all of the data required by the KDC to be obtained via the DAL.

In your design please try to consider extensibility issues.  How will
we add new fields to the KDC request and how will the DAL respond if
those fields are not supported by the back end.

Thanks.

Jeffrey Altman




P Santoshkumar wrote:
> Hello Jeffrey,
> 
> The information that we are looking to obtain are the ticket
> information (for eg. maxtktlife, maxrenewablelife, etc), the
encryption
> types and the ticket flags. The structures that will get populated
are
> kdc_realm_t and kadm5_config_params. 
> 
> Thanks and Regards,
> Santosh. 
>  
>>>> Jeffrey Altman <jaltman at mit.edu> 03/07/06 8:40 pm >>> 
> Santosh:
> 
> Could you be more specific about what kind of information you are
> looking to obtain?   In particular, which existing or new data
> structures are you looking to populate?
> 
> Jeffrey Altman
> 
> 
> P Santoshkumar wrote:
>> Hello,
>>
>> Currently we are directly reading realm information from LDAP
> datatore.
>> We need to expose this to KDC, so we wish to add a DAL, DAL-  LDAP
API
> for
>> doing this. Are there any concerns regarding this?
>>
>> Thanks and Regards,
>> Santosh.
>> _______________________________________________
>> krbdev mailing list             krbdev at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>
> 
>

More information about the krbdev mailing list