New tl_data type

Linus Nordberg linus at
Wed Aug 31 16:54:38 EDT 2011


Configuring principals in the kdb for use with the FAST OTP plugin is
quite a pita atm.  We use

#define KRB5_TL_OTP_ID                  0x0800 /* OTP token id */
#define KRB5_TL_OTP_BLOB                0x1000 /* OTP binary blob */

for configuring a token identity and an OTP method for a principal
(KRB5_TL_OTP_ID) and data to pass to the method, respectively.

These are not supported by any of the tools for mucking about with the
kdb and I have been using an LDAP backend for reasonably convenient

Now I'm wondering if this should be replaced this with something more
general.  Greg mentioned a tl_data type with <string>:<string> at some
point.  How much structure should be imposed?  Should we rather say just
<text> or maybe <JSON>?

The work involved would be to add the tl_data type and add support for
it in tools like kadmin and kdb5_util I guess.  More?


More information about the krbdev mailing list