Options for dealing with LDAP policy refcounts

Sam Hartman hartmans at MIT.EDU
Thu Oct 7 14:02:55 EDT 2010

I'm OK with either option.

I agree that if we move the handling of the policy refcount into the db
backend, that the complexity moves from kadm5srv to either libkdb or the
db2 backend.  I disagree that it has to be in the db2 put_principal
routine and believe the overall complexity of the system could be
conserved.  I can help explore this if others are interested. However
I'm guessing Greg prefers his options to something along these lines and
I don't have an opinion.

More information about the krbdev mailing list