Draft specification for kadmind plugin API
Russ Allbery
rra at stanford.edu
Fri Apr 20 22:20:42 EDT 2007
John Hascall <john at iastate.edu> writes:
> For this to be useful to us it would need to have hooks for other
> operations, notably principal creation, deletion, and renaming.
This isn't my particular itch, so I'd rather not take the burden of doing
the work of specifying the interfaces. However, if you can come up with
the interface specification, I can add it to my proposal.
Is principal renaming a supported operation in the kadmin protocol? I
don't see it mentioned in the kadmin man page, but that may not be
definitive, I know.
I may or may not be able to implement the libkadm5srv changes depending on
how difficult they are, but it should be possible for someone else to add
that.
Note that a hook for account creation is not generally useful for
propagation into Active Directory unless it can draw from an external data
source, since an MIT Kerberos KDC doesn't track all the information that
Active Directory tracks about a user.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list