[Kerberos] Kerberos + OpenLDAP

Jeffrey Hutzelman jhutz at cmu.edu
Tue Mar 6 10:43:10 EST 2007

On Thursday, March 01, 2007 03:22:55 PM -0800 Enrique Rodriguez 
<enriquer9 at gmail.com> wrote:

> On 3/1/07, Sam Hartman <hartmans at mit.edu> wrote:
>> 1) I'd really like to see interested individuals work on the LDAP schema
>> in the IETF. The effort has floundered for lack of people driving it.
>> 2) I'd really love to see an ldap plugin that used some schema and
>>    called kadm5_* interfaces--I.E. a way to replace kadmind with
>>    openldap even in situations where the ldap kdb layer was not used.
> 1)  A standardized LDAP schema would be great and I'm sure we (Apache
> Directory) would support it.  In the meantime we'll make our best
> effort to reuse any existing schema rather than draft something new.
> 2)  I would personally participate in a standardization effort.  Is
> anyone interested and who is also attending the Prague meeting?
> (Prague Czech Republic - 68th IETF Meeting (March 18 - 23, 2007))

I'm glad to hear there are people actively interested in an effort to 
produce a standardized LDAP schema for Kerberos.  As Sam noted, this has 
been on the wish list for some time, but has received little attention due 
to lack of interested parties with enough time.

I suggest that interested parties subscribe to the Kerberos working group 
mailing list (ietf-krb-wg at anl.gov), and bring up this issue there.  If 
there is enough interest in the working group to sustain this work, we can 
consider adopting it as a work item.

As for Prague, if there is interest in discussing this topic further, I can 
try to provide some time in krb-wg's agenda.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+ at cmu.edu>
   Chair, IETF Kerberos Working Group
   Carnegie Mellon University - Pittsburgh, PA
