New tl_data type

Linus Nordberg linus at nordberg.se
Wed Aug 31 16:54:38 EDT 2011


Hi,

Configuring principals in the kdb for use with the FAST OTP plugin is
quite a pita atm.  We use

#define KRB5_TL_OTP_ID                  0x0800 /* OTP token id */
#define KRB5_TL_OTP_BLOB                0x1000 /* OTP binary blob */

for configuring a token identity and an OTP method for a principal
(KRB5_TL_OTP_ID) and data to pass to the method, respectively.

These are not supported by any of the tools for mucking about with the
kdb and I have been using an LDAP backend for reasonably convenient
configuration.


Now I'm wondering if this should be replaced with something more
general.  Greg mentioned a tl_data type with <string>:<string> at some
point.  How much structure should be imposed?  Should we rather say just
<text> or maybe <JSON>?

The work involved would be to add the tl_data type and add support for
it in tools like kadmin and kdb5_util I guess.  More?

Thanks,
Linus


