need help with LDAP plug-in code and liblber dependency
William.Fiveash at sun.com
Wed May 24 21:12:52 EDT 2006
On Tue, May 23, 2006 at 10:52:12PM -0400, Ken Raeburn wrote:
> On May 23, 2006, at 21:38, Will Fiveash wrote:
> > Should kdb5_util support the create command with a ldap
> > plug-in? If not, how does one prep the directory so that kadmind and
> > krb5kdc can use it as they do the db2 KDB?
> It would be nice, someday, but no, currently you need to use
> kdb5_ldap_util to create it. I have a few notes in my email on how
> to do this; we should be getting manual updates at some point.

A couple of points here:

- I'm concerned about UI consistency in regards to the db utils. I was
  thinking that once one loaded the krb schema into the directory and
  configured the k*.conf files to use the LDAP plug-in that they could
  then proceed to create the KDB as they did in the past using
  kdb5_util. In the case where the LDAP plug-in is used, the

      kdb5_util create -r ACME.COM -s

  would interact with the LDAP directory and create the default
  principal records and local stash file. If a krb container object is
  required then it would create this as well.

- Why is kdb5_ldap_util create required in order to access princ/policy
  records in the directory? The man page states that kdb5_ldap_util
  create creates a realm object which I assume is optional. Am I

- How does one migrate an existing db2 KDB to a directory? I was
  assuming that kdb5_util dump & load would be used.

- Regardless of the above kdb5_util should not core dump regardless of
  the backend being used. There needs to be better NULL function
  pointer checking in the kdb code.

Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
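
The last point in the message, sketched as an added example (not code from the post or from the krb5 source): a dispatch wrapper that returns an error when a back end leaves an operation unimplemented, instead of calling through a NULL function pointer. The table layout, function names and error codes are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical error codes for this sketch; not the krb5 error table. */
#define DB_OK          0
#define DB_ERR_NOLIB   1   /* no back end loaded */
#define DB_ERR_NOTSUPP 2   /* back end does not implement the operation */
#define DB_ERR_INVAL   3   /* bad argument */

/* Hypothetical plug-in dispatch table; a back end may leave entries NULL. */
typedef struct {
    const char *name;
    int (*create)(const char *realm);
} db_vftabl;

static int db2_create(const char *realm)
{
    return (realm != NULL && *realm != '\0') ? DB_OK : DB_ERR_INVAL;
}

/* Constructed tables: the LDAP-style back end has no create entry. */
static const db_vftabl db2_backend  = { "db2",  db2_create };
static const db_vftabl ldap_backend = { "ldap", NULL };

/* Checked dispatch: validate the table and the slot before the call. */
int db_create(const db_vftabl *v, const char *realm)
{
    if (v == NULL)
        return DB_ERR_NOLIB;
    if (v->create == NULL)
        return DB_ERR_NOTSUPP;   /* report it; do not jump through NULL */
    return v->create(realm);
}

int main(void)
{
    const db_vftabl *backends[] = { &db2_backend, &ldap_backend };
    for (size_t i = 0; i < sizeof backends / sizeof backends[0]; i++) {
        int rc = db_create(backends[i], "ACME.COM");
        if (rc == DB_ERR_NOTSUPP)
            printf("%s: create not supported by this back end\n",
                   backends[i]->name);
        else
            printf("%s: create returned %d\n", backends[i]->name, rc);
    }
    return 0;
}
```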