Options for dealing with LDAP policy refcounts
hartmans at MIT.EDU
Thu Oct 7 14:02:55 EDT 2010
I'm OK with either option.
I agree that if we move the handling of the policy refcount into the db
backend, that the complexity moves from kadm5srv to either libkdb or the
db2 backend. I disagree that it has to be in the db2 put_principal
routine and believe the overall complexity of the system could be
conserved. I can help explore this if others are interested. However
I'm guessing Greg prefers his options to something along these lines and
I don't have an opinion.
More information about the krbdev