need advice on how to deal with KADM5_POLICY attribute

Will Fiveash William.Fiveash at sun.com
Mon Sep 25 19:45:00 EDT 2006


Never mind, I figured out what was going on.

I do have another issue related to this though.  When doing a kdb5_util
load into an LDAP directory it would be useful to be able to indicate to
the krb5_ldap_put_principal() that the entry is to completely replace
an existing entry.  Does such an interface exist?  If not, is it
reasonable to add another bit flag to the krb5_db_entry mask field?

On Sun, Sep 24, 2006 at 07:31:00PM -0500, Will Fiveash wrote:
> I'm close to getting the "kdb5_util load" command to work with the LDAP
> KDB plugin however I'm having some difficulty understanding how to deal
> with princ. records that have a policy reference.  Note that I
> have modified the dump.c:process_k5beta6_record() function to set the
> dbentry.mask so the krb5_ldap_put_principal() will properly create the
> princ attributes when putting the princ entry to the directory.  For
> example:
> 
>         if (nread == 8) {
>             dbentry.attributes = (krb5_flags) t2;
>             dbentry.max_life = (krb5_deltat) t3;
>             dbentry.max_renewable_life = (krb5_deltat) t4;
>             dbentry.expiration = (krb5_timestamp) t5;
>             dbentry.pw_expiration = (krb5_timestamp) t6;
>             dbentry.last_success = (krb5_timestamp) t7;

-- 
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)


