[Kerberos] Kerberos + OpenLDAP

Quanah Gibson-Mount quanah at stanford.edu
Tue Mar 6 13:41:43 EST 2007

--On Tuesday, March 06, 2007 10:43 AM -0500 Jeffrey Hutzelman 
<jhutz at cmu.edu> wrote:

> On Thursday, March 01, 2007 03:22:55 PM -0800 Enrique Rodriguez
> <enriquer9 at gmail.com> wrote:
>> On 3/1/07, Sam Hartman <hartmans at mit.edu> wrote:
>>> 1) I'd really like to see interested individuals work on the LDAP schema
>>> in the IETF. The effort has floundered for lack of people driving it.
>>> 2) I'd really love to see an ldap plugin that used some schema and
>>>    called kadm5_* interfaces--I.E. a way to replace kadmind with
>>>    openldap even in situations where the ldap kdb layer was not used.
>> 1)  A standardized LDAP schema would be great and I'm sure we (Apache
>> Directory) would support it.  In the mean time we'll make our best
>> effort to reuse any existing schema rather than draft something new.
>> 2)  I would personally participate in a standardization effort.  Is
>> anyone interested and who is also attending the Prague meeting?
>> (Prague Czech Republic - 68th IETF Meeting (March 18 - 23, 2007))
> I'm glad to hear there are people actively interested in an effort to
> produce a standardized LDAP schema for Kerberos.  As Sam noted, this has
> been on the wish list for some time, but has received little attention
> due to lack of interested parties with enough time.
> I suggest that interested parties subscribe to the Kerberos working group
> mailing list (ietf-krb-wg at anl.gov), and bring up this issue there.  If
> there is enough interest in the working group to sustain this work, we
> can consider adopting it as a work item.


has the instructions for subscribing.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

More information about the krbdev mailing list