[36080] in Kerberos
Re: Storing user-defined attributes in Kerberos5?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Apr 27 11:53:42 2014
Message-ID: <535D27FC.6000706@mit.edu>
Date: Sun, 27 Apr 2014 11:53:32 -0400
From: Greg Hudson <ghudson@mit.edu>
To: Wendy Lin <wendlin1974@gmail.com>, "<kerberos@mit.edu>" <kerberos@mit.edu>
In-Reply-To: <CA+j=ERpPYXGxSmgBFP1NdM3Uyoi7FBOixPDiJ8KrhQqYLyeBgQ@mail.gmail.com>

On 04/25/2014 09:35 AM, Wendy Lin wrote:
> Does Kerberos5 have the ability to store user-defined attributes
> somewhere and distribute them to the Kerberos5 clients?

Short answer: not really, and that's more of a job for something like LDAP.

As I don't know the details of your use case, I should note that some
implementations of Kerberos do convey specific attributes about client
principals to application servers (not clients) via the authdata field
in the ticket.  The most well-known instance of this is the Microsoft
PAC, described at http://msdn.microsoft.com/en-us/library/cc237917.aspx
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos