need help with LDAP plug-in code and liblber dependency
raeburn at MIT.EDU
Thu May 25 21:47:18 EDT 2006
On May 25, 2006, at 21:25, Sam Hartman wrote:
> Wait, why does the ldap command need to bind using a different
> identity than the kdc will use?
I would expect in some configurations the KDC would have read-only
access, the kadmind, if you run one, would have write access in
places but would not be permitted to create or modify a realm
container, etc. So the administrator setting up the realm may need
privileges that none of the server programs have.
More information about the krbdev