LDAP schema and TL_DATA?
greg at enjellic.com
Fri Mar 17 16:18:15 EST 2006
On Mar 15, 5:46am, Sam Hartman wrote:
} Subject: Re: LDAP schema and TL_DATA?
Good day to everyone.
> I'd rather not block on this issue. There is a real design question
> outstanding and I don't know how to resolve it.
> If someone proposes a better mechanism now and claims we need to
> block on this issue I'd be happy to consider doing so.
I've been thinking about the TL_DATA issue for about a year and a half
now. Our plug-in architecture currently uses a self-defined TL_DATA
datatype for storing a master key encrypted copy of the raw user
I toyed with the idea of implementing a registration function in the
extensibility framework we developed which would allow a plug-in to
request an unused TL_DATA type specification. This certainly fails
beyond the scope of a particular implementation/database.
I'm currently working on resolving architectural issues with bolting
NTLM support onto the MIT KDC though our plug-in architecture. If
this proves popular the issue of our self-selected TL_DATA datatype
value becomes problematic.
MIT may want to consider 'registering' TL_DATA tagnames. I wouldn't
care what the actual 'number' is as long as I can register a unique
name with the KDC and get a 'token' I can use to set a .tl_data_type
Now is the time to fix this though.
A possible interim solution might be to 'officially' declare an
invariant KRB5_TL_TYPES value in src/include/krb5/kdb.h as a
placeholder. The all singing/all dancing registration function can
use that as a known identity for tracking down TAGNAME/value
correspondence within the context of a given database.
Its not if KDC's are going to be extended but how. Prudence dictates
resolving this sooner than later.
}-- End of excerpt from Sam Hartman
Dr. G.W. Wettstein, Ph.D. Enjellic Systems Development, LLC.
4206 N. 19th Ave. Specializing in information infra-structure
Fargo, ND 58102 development.
FAX: 701-281-3949 EMAIL: greg at enjellic.com
"Open source code is not guaranteed nor does it come with a warranty."
-- the Alexis de Tocqueville Institute
"I guess that's in contrast to proprietary software, which comes with
a money-back guarantee, and free on-site repairs if any bugs are found."
More information about the krbdev