LDAP realm config
Savitha R
rsavitha at novell.com
Fri Sep 21 07:10:01 EDT 2007
Currently, only a few attributes( like maxticketlife, maxrenewlife and ticketflags)
of the realm configuration in directory is being used.
The long term plan is to add a LDAP plugin when a plugin interface
for the profile library is available.
-Savitha
>>> On Fri, Sep 21, 2007 at 5:44 AM, in message
<DA147DCC-804C-4814-8DAD-433D2735C9D6 at nearband.com>, Michael Griego
<mgriego at nearband.com> wrote:
> I've been playing with the LDAP kdb backend, and was surprised by the
> fact that the realm configuration attributed in the krbRealmContainer
> object class aren't used. Unfortunately, its not clear with the
> current documentation that a kdc.conf is still needed when using the
> LDAP kdb plugin. As such, I've been looking into what it would take
> to add the code needed to make use of the other realm configuration
> attributes.
>
> I've done a fair amount of investigation into this, and its not a
> trivial task (which I'm sure is the reason its not there
> already... :). Before I go much further, I was curious if anyone had
> already done any work on this or had any thoughts on the best
> approach. One thought I had was to add another hook into the kdb
> layer for getting realm parameters from the kdb backends. There are
> some possible chicken-and-egg scenarios there.
>
> Anyway, any input would be appreciated. I'd really like to see the
> ability to completely ditch the kdc.conf, stash file, and perhaps
> even the kadm5.acl in favor of directory configuration.
>
> --Mike
>
>
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list