Preliminary discussion: DB alias entries
Luke Howard
lukeh at padl.com
Mon Mar 9 17:29:12 EDT 2009
On 10/03/2009, at 5:29 AM, Greg Hudson wrote:
> On Thu, 2009-03-05 at 13:56 -0500, Zhanna Tsitkova wrote:
>> How about adding a new auxulary attr to the entries
>
> What do you mean by "auxiliary attribute" here? My understanding is
> that object classes can be auxiliary, but not attributes.
>
> (Sorry; I'm new to LDAP so I need people to speak precisely or I can't
> understand.)
You are correct.
>> - for example
>> 1.3.18.0.2.4.1154 NAME ( 'krbHintAliases' ) or just krbAliases as
>> defined in
>> http://publib.boulder.ibm.com/infocenter/zvm/v5r3/index.jsp?topic=/com.ibm.zvm.v53.kldl0/tivap02998897.htm
>
> What is that page exactly? Is it appropriate to pull attribute and
> object class definitions from a completely different schema from the
> Novell one we have?
Correct, this is a bad idea.
>> In fact , on KDC startup these aliases could be stored in memory.
>> Then, when the request comes in, the normalized string would be
>> searched in the mem cache and then decided if the further processing
>> is needed.
>
> Wouldn't that introduce consistency issues if the LDAP data is
> modified
> outside of the KDC?
Yes, this is a really bad idea.
-- Luke
More information about the krbdev
mailing list