
Re: kerberos and ldap: Standards?

From: Elrond
Subject: Re: kerberos and ldap: Standards?
Date: Fri, 21 Apr 2006 16:59:13 +0200
User-agent: Mutt/1.5.9i

On Fri, Apr 21, 2006 at 03:39:26PM +0200, Simon Josefsson wrote:
> > Well, I don't want to write a full backend for shisa.
> >
> > I only want to put mappings into ldap.
> >
> > Think of mapping unix accounts (which are flat, no realm)
> > to principals (which have a realm).
> >
> > Say I want to map unix user jas to address@hidden and unix
> > user elrond to address@hidden
> >
> > uid: jas
> > unknown: address@hidden
> >
> > uid: elrond
> > unknown: address@hidden
> >
> > So what to use for "unknown"?
> > My current best guess is "krb5PrincipalName".
> Where does the unix username come from?
[... ldap and shishi ...]

Just to repeat the initial words of my initial mail (more
or less):
This is off-topic.
This is not about shishi or shisa. (at least not in the
first place.)
I probably should have gone to a general purpose kerberos
list with the question.

My use case is Samba-TNG. It interfaces with two and
probably next with three worlds: Unix, Windows, and
Kerberos (the last is coming very slowly).

Our premier backend for storage of meta-data is ldap.

To cleanly map the three worlds, we need mapping functions.
They can either be algorithmic ("if we don't know, use
realm HOMEREALM") or listed mappings as the example above
wants to illustrate.

Unlike sql, where everybody can create a new table with
their own schema, ldap requires more standardisation,
so that people can play with each other.

So I was looking for the right standards.
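
The two kinds of mapping function the message describes (listed mappings and the algorithmic "use realm HOMEREALM" rule), sketched as an added example that is not part of the original post or of Samba-TNG. The directory entries, the realm names and the use of krb5PrincipalName as the attribute are constructed assumptions; the point shown is that the reverse direction only drops the home realm and refuses anything ambiguous.

```python
HOME_REALM = "HOMEREALM"  # default realm, named as in the message

# Constructed entries standing in for an LDAP search result. The attribute
# name krb5PrincipalName is the message's guess, used here as an assumption.
ENTRIES = [
    {"uid": "jas", "krb5PrincipalName": "jas@REALM-A.EXAMPLE"},
    {"uid": "elrond", "krb5PrincipalName": "elrond@REALM-B.EXAMPLE"},
]


def build_index(entries):
    """Index listed mappings both ways; reject anything that is not 1:1."""
    by_uid, by_principal = {}, {}
    for entry in entries:
        uid, principal = entry["uid"], entry["krb5PrincipalName"]
        if uid in by_uid or principal in by_principal:
            raise ValueError(f"ambiguous listed mapping: {uid} / {principal}")
        by_uid[uid] = principal
        by_principal[principal] = uid
    return by_uid, by_principal


BY_UID, BY_PRINCIPAL = build_index(ENTRIES)


def unix_to_principal(uid):
    """Listed mapping first, then the algorithmic rule uid@HOME_REALM."""
    if uid in BY_UID:
        return BY_UID[uid]
    candidate = f"{uid}@{HOME_REALM}"
    # The fallback must not hand out a principal listed for another account.
    return None if candidate in BY_PRINCIPAL else candidate


def principal_to_unix(principal):
    """Inverse direction; returns None when no account may be assumed."""
    if principal in BY_PRINCIPAL:
        return BY_PRINCIPAL[principal]
    # Simplified split: escaped '@' in principal names is not handled.
    name, sep, realm = principal.rpartition("@")
    if not sep or not name or realm != HOME_REALM:
        return None  # foreign or missing realm: never strip it silently
    if "/" in name or name in BY_UID:
        return None  # instance principal, or uid already listed elsewhere
    return name
```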

