How to extend kadmin

Nicolas Williams Nicolas.Williams at
Mon Oct 26 17:30:00 EDT 2009

On Mon, Oct 26, 2009 at 05:27:46PM -0400, Jeffrey Hutzelman wrote:
> --On Monday, October 26, 2009 03:51:13 PM -0500 Nicolas Williams 
> <Nicolas.Williams at> wrote:
> >4. Bump the RPC program version number (and start fresh).
> Fine, but why do you then go on and spend four paragraphs extolling the 
> virtues of ONC RPC in general and XDR in particular over ASN.1, when no one 
> has proposed doing anything involving the latter?

I was responding to "I have never been a fan of the RPC model of network

> OTOH, I suppose someone should ask the question...  Do we believe that we 
> will eventually end up with a schema for an LDAP-based admin protocol, and 
> if so, will it end up replacing the current kadmin protocol?
> If so, anything we do now is a stopgap.
> If not, we should be thinking about the long term.

Darn, I forgot about this.  I mostly agree, I'd rather see us move
wholesale to LDAP.  I happen to greatly dislike the LDAP schema that we
all inheritted from Novell though.  And also, for some things we
absolutely need a protocol (think change/set password protocols), though
it could always run as an LDAP extended operation.


More information about the krbdev mailing list