LDAP realm config

Michael Griego mgriego at nearband.com
Thu Sep 20 20:14:31 EDT 2007

I've been playing with the LDAP kdb backend, and was surprised by the  
fact that the realm configuration attributed in the krbRealmContainer  
object class aren't used.  Unfortunately, its not clear with the  
current documentation that a kdc.conf is still needed when using the  
LDAP kdb plugin.  As such, I've been looking into what it would take  
to add the code needed to make use of the other realm configuration  

I've done a fair amount of investigation into this, and its not a  
trivial task (which I'm sure is the reason its not there  
already... :).  Before I go much further, I was curious if anyone had  
already done any work on this or had any thoughts on the best  
approach.  One thought I had was to add another hook into the kdb  
layer for getting realm parameters from the kdb backends.  There are  
some possible chicken-and-egg scenarios there.

Anyway, any input would be appreciated.  I'd really like to see the  
ability to completely ditch the kdc.conf, stash file, and perhaps  
even the kadm5.acl in favor of directory configuration.


More information about the krbdev mailing list