LDAP realm config

Savitha R rsavitha at novell.com
Fri Sep 21 07:10:01 EDT 2007

Currently, only a few attributes( like maxticketlife, maxrenewlife and ticketflags)
of the realm configuration in directory is being used.

The long term plan is to add a LDAP plugin when a plugin interface
for the profile library is available.


>>> On Fri, Sep 21, 2007 at  5:44 AM, in message
<DA147DCC-804C-4814-8DAD-433D2735C9D6 at nearband.com>, Michael Griego
<mgriego at nearband.com> wrote: 
> I've been playing with the LDAP kdb backend, and was surprised by the  
> fact that the realm configuration attributed in the krbRealmContainer  
> object class aren't used.  Unfortunately, its not clear with the  
> current documentation that a kdc.conf is still needed when using the  
> LDAP kdb plugin.  As such, I've been looking into what it would take  
> to add the code needed to make use of the other realm configuration  
> attributes.
> I've done a fair amount of investigation into this, and its not a  
> trivial task (which I'm sure is the reason its not there  
> already... :).  Before I go much further, I was curious if anyone had  
> already done any work on this or had any thoughts on the best  
> approach.  One thought I had was to add another hook into the kdb  
> layer for getting realm parameters from the kdb backends.  There are  
> some possible chicken-and-egg scenarios there.
> Anyway, any input would be appreciated.  I'd really like to see the  
> ability to completely ditch the kdc.conf, stash file, and perhaps  
> even the kadm5.acl in favor of directory configuration.
> --Mike
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

More information about the krbdev mailing list