need help with LDAP plug-in code and liblber dependency
Praveenkumar Sahukar
psahukar at novell.com
Mon May 29 07:20:44 EDT 2006
Hi,
>>> On Fri, May 26, 2006 at 6:55 AM, in message
<tsld5e1h90o.fsf at cz.mit.edu>, Sam
Hartman <hartmans at MIT.EDU> wrote:
> Wait, why does the ldap command need to bind using a different
> identity than the kdc will use?
>
The KDC and the ADMIN services have READ only rights on the Realm
Attributes. However,
to manage the Realm, WRITE rights are needed and hence the ldap command
(kdb5_ldap_util)
uses an identity different from the KDC and the ADMIN identities.
Thanks and Regards,
Praveen Kumar
More information about the krbdev
mailing list