principal aliases?
Benjamin Kaduk
kaduk at mit.edu
Tue Nov 21 19:40:12 EST 2017
On Tue, Nov 21, 2017 at 04:17:23PM -0800, Chris Hecker wrote:
> Are these supported? There's a krbPrincipalAliases in the krb5 ldap schema,
> but I can't find any mention of them in the code, and online docs are
> spotty. I was hoping to use them but it doesn't seem like they do anything
> or are ever queried in the ldap kdb backend?
>
> Oh, hmm, looks like this is a Heimdal thing, bummer.
>
> https://www.openldap.org/lists/openldap-technical/201502/msg00053.html
>
> Any plans for supporting this in MIT?
They are only supported in the ldap backend, and you have to create
them out of band with an ldap editor. But once they are in ldap,
the KDC will use them.
-Ben
More information about the krbdev
mailing list