[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kerberos and ldap: Standards?

From: Elrond
Subject: Re: kerberos and ldap: Standards?
Date: Fri, 21 Apr 2006 13:04:35 +0200
User-agent: Mutt/1.5.9i

On Tue, Apr 18, 2006 at 10:35:15AM +0200, Simon Josefsson wrote:
> Hi Elrond!  Sorry for the slow response.
> Elrond <address@hidden> writes:
> > Maybe a bit off-topic, but:
> >
> > I know about hdb.schema from heimdal.
> >
> > Are there any other notable standards about storing
> > kerberos related information in ldap?
> Have you seen:

Ahh, looks interesting.

> > Currently I'm interested in an attribute, that stores the
> > kerberos' principal name, that relates to a DN/account.
> >
> > In hdb.schema this is krb5PrincipalName.
> I think you could write a new shisa module that would get the
> information the KDC requests from shisa from the LDAP server.  Copy
> file.c and file.h into ldap.c and ldap.h and start modifying it...  It
> probably require some work, but maybe I can assist you.

Well, I don't want to write a full backend for shisa.

I only want to put mappings into ldap.

Think of mapping unix accounts (which are flat, no realm)
to principals (which have a realm).

Say I want to unix user jas to address@hidden and unix
user elrond to address@hidden

uid: jas
unknown: address@hidden

uid: elrond
unknown: address@hidden

So what to use for "unknown"?
My current best guess is "krb5PrincipalName".


reply via email to

[Prev in Thread] Current Thread [Next in Thread]