[29970] in Kerberos


Re: Principal attributes and policy in LDAP Realm

daemon@ATHENA.MIT.EDU (Klaus Heinrich Kiwi)
Mon Jun 16 19:01:30 2008

From: Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
To: Savitha R <rsavitha@novell.com>
In-Reply-To: <484D3CBD.C217.0053.0@novell.com>
Date: Mon, 16 Jun 2008 20:00:46 -0300
Message-Id: <1213657246.17827.15.camel@klausk.br.ibm.com>
Mime-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Mon, 2008-06-09 at 02:52 -0600, Savitha R wrote:
> Last modification time is part of tl_data and entry's tl_data is stored
> in krbExtraData attribute.

Is there a better description of what's in the tl_data structure? I saw
some #defines in the kdb_ldap.h header file but couldn't correlate them to
anything just by looking at their names. Also, it looks like this tl_data
structure has a function outside the kdb abstraction layer domain (i.e.,
it's used within the KDC itself). Could you give me any insight into how
it's being used and where? The description in the Schema file ("holds
the application specific data") is a little confusing (application here
refers to the Kerberos protocol? MIT KDC implementation? the LDAP KDB
plugin itself?)

The IBM LDAP Schema can carry all kinds of data within a realm or
principal object, so I'm trying to figure out how to carry those with
minimal change to the current LDAP KDB plugin code.

 Thanks,

 -Klaus

-- 
Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
