[30007] in Kerberos
Re: Principal attributes and policy in LDAP Realm
daemon@ATHENA.MIT.EDU (Klaus Heinrich Kiwi)
Tue Jun 24 07:44:31 2008
From: Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
To: Simo Sorce <ssorce@redhat.com>
In-Reply-To: <1214226310.3822.26.camel@localhost.localdomain>
Date: Tue, 24 Jun 2008 08:43:44 -0300
Message-Id: <1214307824.13517.13.camel@klausk.br.ibm.com>
Mime-Version: 1.0
Cc: Ken Raeburn <raeburn@mit.edu>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Mon, 2008-06-23 at 09:05 -0400, Simo Sorce wrote:
> Klaus, the current Kerberos schema as implemented by MIT is not ideal,
> but adding support for multiple schemas seem like a way to fragment,
> wouldn't it be better to join efforts to come up with a schema we can
> all standardize upon ?
I must admit I still need to verify this, but I'd assume that other
applications may be using the same directory for other purposes,
(including authentication?) - and may be simply easier to add support
for this particular schema to one application then to support it in
other (possibly legacy) applications.
> Do you have pointers to the IBM schema ? I'd like to take a look at
> the
> differences.
I can't seem to find any external links to it - I'll check if I can host
it somewhere and let you know.
-Klaus
--
Klaus Heinrich Kiwi <klausk@linux.vnet.ibm.com>
Linux Security Development, IBM Linux Technology Center
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
