Preliminary discussion: DB alias entries
Simo Sorce
ssorce at redhat.com
Thu Mar 5 00:04:38 EST 2009
On Wed, 2009-03-04 at 19:56 -0500, ghudson at MIT.EDU wrote:
>
> I'm currently planning to add support to the LDAP back end as well as
> the DB2 back end for feature parity, but I don't yet understand that
> code well enough to understand the design alternatives. This message
> will focus on the DB2 back end.
For the LDAP case all you need to do is to either just use
krbPrincipalName as a multivalued attribute (although that means you
will loose sight of waht was the "original" name).
Or just add a multivalued attribute for all aliases (with it's auxiliary
objectclass) and treat krbPrincipalName as the "real" name.
In either cases you will need a single lookup, and the modification to
the backend would be trivial.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list