LDAP realm config
Michael Griego
mgriego at nearband.com
Thu Sep 20 20:14:31 EDT 2007
I've been playing with the LDAP kdb backend, and was surprised by the
fact that the realm configuration attributes in the krbRealmContainer
object class aren't used. Unfortunately, it's not clear with the
current documentation that a kdc.conf is still needed when using the
LDAP kdb plugin. As such, I've been looking into what it would take
to add the code needed to make use of the other realm configuration
attributes.

I've done a fair amount of investigation into this, and it's not a
trivial task (which I'm sure is the reason it's not there
already... :). Before I go much further, I was curious if anyone had
already done any work on this or had any thoughts on the best
approach. One thought I had was to add another hook into the kdb
layer for getting realm parameters from the kdb backends. There are
some possible chicken-and-egg scenarios there.

Anyway, any input would be appreciated. I'd really like to see the
ability to completely ditch the kdc.conf, stash file, and perhaps
even the kadm5.acl in favor of directory configuration.
--Mike