[1179] in Kerberos
What are a principal's attributes used for?
daemon@ATHENA.MIT.EDU (John M. Sellens)
Fri Dec 14 16:44:10 1990
Date: Fri, 14 Dec 90 16:04:07 EST
From: "John M. Sellens" <jmsellens@watdragon.waterloo.edu>
To: kerberos@ATHENA.MIT.EDU
A principal in the Kerberos database has an attributes field. I found
this in kadm.h
/* Attributes fields constants and macros */
#define ALLOC 2
#define RESERVED 3
#define DEALLOC 4
#define DEACTIVATED 5
#define ACTIVE 6
but I haven't seen anything that actually seems to use these attributes.
Does anything?
I'm wondering how to set up classes of users. For example, imagine a
campus wide Kerberos database. What happens when someone forgets his/her
password? Should a student consultant be able to change the password
of a faculty member in another faculty? (and so on). It might be nice
if there was a way to give (more) different levels of database control to
various people, without having to resort to multiple realms. Hmmm ...
And on another topic - does anyone have any (available) tools for doing
bulk adds or updates to the Kerberos database? I'm wondering how to
get a lot of people in without doing a dump and load or something.
John Sellens
University of Waterloo
jmsellens@watdragon.waterloo.edu
