[29971] in Kerberos
Re: Principal attributes and policy in LDAP Realm
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Mon Jun 16 19:25:26 2008
From: Ken Raeburn <raeburn@mit.edu>
To: Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
In-Reply-To: <1213657246.17827.15.camel@klausk.br.ibm.com>
Message-Id: <12D94319-C190-4D6A-97B9-7827950744C0@mit.edu>
Date: Mon, 16 Jun 2008 19:25:05 -0400
Cc: kerberos@mit.edu
On Jun 16, 2008, at 19:00, Klaus Heinrich Kiwi wrote:
> Is there a better description of what's in the tl_data structure? I saw
> some #defines in the kdb_ldap.h header file but couldn't correlate to
> anything just by looking at their names. Also, looks like this tl_data
> structure has a function outside the kdb abstraction layer domain (i.e.:
> it's used within the KDC itself). Could you give me any insight of how
> it's being used and where? The description in the Schema file ("holds
> the application specific data") is a little confusing (application here
> refers to the Kerberos protocol? MIT KDC implementation? the LDAP KDB
> plugin itself?)
The "application" data in question is indeed the MIT KDC
implementation; all this stuff is internal to the MIT implementation.
In src/include/kdb.h you'll find definitions of some macros KRB5_TL_*
vaguely describing in their names what they're used for; for the
actual definitions of the layouts, you'll have to dig around in the
sources. At the moment, it's sort of a catch-all slot for holding
anything new we want to stick in there without having to redefine the
XDR types we use for database records (since the old DBM-style APIs
only give you "key" and "data" slots), stuff like that.
Ken
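
Added example, not part of Ken's message and not MIT krb5 code: a sketch of why a list of type/length/contents entries can serve as a catch-all slot, since a reader picks out the types it knows and skips the rest while the record format stays the same. The struct, function name, type numbers and flat byte encoding are all constructed for illustration; the real KRB5_TL_* layouts are in the krb5 sources.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for one typed-length entry: type, length, contents. */
struct tl_entry {
    int16_t        type;
    uint16_t       length;
    const uint8_t *contents;   /* points into the caller's record buffer */
};

/* Constructed type numbers, not the real KRB5_TL_* values. */
enum { TL_EXAMPLE_OLD = 1, TL_EXAMPLE_NEW = 2 };

/*
 * Walk a flat record of [type:2][length:2][contents:length] entries
 * (big-endian, a constructed encoding) and return the first entry of the
 * wanted type. Returns 1 if found, 0 if absent, -1 if the record is malformed.
 */
int tl_find(const uint8_t *buf, size_t len, int16_t want, struct tl_entry *out)
{
    size_t off = 0;

    while (off < len) {
        if (len - off < 4)
            return -1;                      /* truncated entry header */
        uint16_t t = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        uint16_t n = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        off += 4;
        if (n > len - off)
            return -1;                      /* length runs past the record */
        if ((int16_t)t == want) {
            out->type = (int16_t)t;
            out->length = n;
            out->contents = buf + off;
            return 1;
        }
        off += n;                           /* unknown or unwanted type: skip */
    }
    return 0;
}

/* Constructed sample record: one "old" entry followed by one "new" entry. */
static const uint8_t sample_record[] = {
    0x00, 0x01, 0x00, 0x04, 0x48, 0x56, 0xf5, 0x31,   /* type 1, 4 bytes */
    0x00, 0x02, 0x00, 0x03, 'a', 'b', 'c',            /* type 2, 3 bytes */
};
```

A reader that only knows TL_EXAMPLE_OLD still parses this record; the second entry is stepped over by its length, and a length that overruns the buffer is rejected, not followed.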