KDB and referrals/aliases

Nicolas Williams Nicolas.Williams at sun.com
Wed Sep 2 16:28:32 EDT 2009


On Wed, Sep 02, 2009 at 04:22:40PM -0400, Greg Hudson wrote:
> On Wed, 2009-09-02 at 15:12 -0400, Nicolas Williams wrote:
> > I think it's a legitimate concern that kadmin clients be able to
> > distinguish aliases from non-aliases.  Not that getprinc(alias) should
> > fail, but that it should tell you its canonical name; listprincs should
> > probably list only canonical names.
> 
> In that case, there is no problem:
> 
> kadmin.local:  getprinc user2
> Principal: user at DIRECTORATE.ORG
> [...]
> 
> "user2" is an alias name and "user" is the canonical name.  That's with
> the LDAP back end hacked to return aliases (a la Luke's patch) but no
> other changes.

Great.

Is there a way to list canonical names only though?  That'd be nice.
I'm not sure it'd be "required", but if listing only canon names meant
listing all names then doing a getprinc on each, then yes, IMO it'd be a
required feature.  Conversely, being able to list all names, alias and
canonical, in one step is a "requirement", IMO.
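
The two-step workaround mentioned above (list every name, then getprinc each one), as an added example that is not part of the original message or of the krb5 code base. It assumes the listing includes aliases and that getprinc prints the canonical name on its `Principal:` line, as in the quoted output; `split_aliases`, the stub lookup and the sample names are constructed for illustration.

```python
import re
import subprocess

# getprinc prints the canonical name on its "Principal:" line (see quoted output).
PRINCIPAL_RE = re.compile(r"^Principal:\s*(\S+)\s*$", re.MULTILINE)

def parse_canonical(getprinc_output):
    """Return the canonical name from getprinc output, or None if absent."""
    match = PRINCIPAL_RE.search(getprinc_output)
    return match.group(1) if match else None

def kadmin_getprinc(name):
    """One kadmin.local round trip per name (run as root on the KDC host)."""
    result = subprocess.run(["kadmin.local", "-q", "getprinc " + name],
                            capture_output=True, text=True, check=False)
    return result.stdout

def split_aliases(names, getprinc=kadmin_getprinc):
    """Classify names as canonical, alias -> canonical, or unresolved.

    Assumption: `names` is a listing that includes aliases.
    """
    canonical, aliases, unresolved = set(), {}, []
    for name in names:
        canon = parse_canonical(getprinc(name))
        if canon is None:
            unresolved.append(name)      # lookup failed or output unparsable
        elif canon == name:
            canonical.add(name)
        else:
            aliases[name] = canon        # name resolved to a different entry
            canonical.add(canon)
    return sorted(canonical), aliases, unresolved

# Constructed sample data standing in for a KDB with one alias.
SAMPLE_KDB = {
    "user@DIRECTORATE.ORG": "user@DIRECTORATE.ORG",
    "user2@DIRECTORATE.ORG": "user@DIRECTORATE.ORG",
    "admin@DIRECTORATE.ORG": "admin@DIRECTORATE.ORG",
}

def sample_getprinc(name):
    """Offline stub for kadmin_getprinc, backed by SAMPLE_KDB."""
    canon = SAMPLE_KDB.get(name)
    return "Principal: %s\nExpiration date: [never]\n" % canon if canon else ""

if __name__ == "__main__":
    print(split_aliases(list(SAMPLE_KDB) + ["ghost@DIRECTORATE.ORG"], sample_getprinc))
```

Each listed name costs one lookup, so the work grows with the size of the database.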


