KDB and referrals/aliases

Greg Hudson ghudson at MIT.EDU
Thu Sep 3 12:17:07 EDT 2009

On Thu, 2009-09-03 at 01:52 -0400, Luke Howard wrote:
> It always returns the canonical name. For DSfW, the primary  
> administration interface is LDAP (in fact, I don't think Novell even  
> shipped kadmin).

Alright.  When I added alias support to LDAP for 1.7, time constraints
led me to relegate administration of aliases (such as adding them at
all) to external LDAP tools.  So for the moment it makes sense to just
fix the iteration code to supply the canonical name.  That means:

  * With Luke's suggested change to krb5_ldap_get_principal(), "getprinc
aliasname" will start working, and will report the canonical name.  That
will be the only way to see aliases in the admin interface.

  * With the (not yet coded) fix to krb5_ldap_iterate(), "listprincs"
will display only a list of canonical names.
