[Kerberos] Kerberos + OpenLDAP

g.w@hurderos.org
Fri Mar 2 18:35:15 EST 2007

On Mar 1,  5:10pm, Sam Hartman wrote:
} Subject: Re: [Kerberos] Kerberos + OpenLDAP

Good evening, I hope the week has gone well for everyone.

> 1) I'd really like to see interested individuals work on the LDAP
> schema in the IETF.  The effort has floundered for lack of people
> driving it.

Enrique has already expressed interest in working towards this goal.
Hopefully others are interested as well.

Hopefully if we can get some traction with ADS and the OpenLDAP
front-end for MIT Kerberos there will be motivation for further
participation.  A schema without reason for implementation may not be
that attractive.

> 2) I'd really love to see an ldap plugin that used some schema and
> called kadm5_* interfaces--I.E. a way to replace kadmind with
> openldap even in situations where the ldap kdb layer was not used.

That's the objective of what we have been working on.  The important
element in all this is a schema which adequately represents a KDC from
an administrative perspective.

A properly devised administrative schema should be useful to both
an MIT/OpenLDAP and ADS perspective.  We just need to get a bit more
in the way of infrastructure running to begin assessing what's needed.

Have a good weekend.

}-- End of excerpt from Sam Hartman

As always,
Greg Wettstein

			 The Hurderos Project
         Open Identity, Service and Authorization Management

"And they shall beat their swords into plowshares, for if you hit a
 man with a plowshare, he's going to know he's been hit."
                                -- James L. McGill

More information about the krbdev mailing list