[36449] in Kerberos

Re: Storing user-defined attributes in Kerberos5?

daemon@ATHENA.MIT.EDU (Wendy Lin)
Fri Sep 12 11:52:58 2014

MIME-Version: 1.0
In-Reply-To: <535D27FC.6000706@mit.edu>
Date: Fri, 12 Sep 2014 17:52:23 +0200
Message-ID: <CA+j=ERovO0ZCNHcgAeqc4p2i1-HsvyziZJbKK5F=5oAo-W3sHw@mail.gmail.com>
From: Wendy Lin <wendlin1974@gmail.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On 27 April 2014 17:53, Greg Hudson <ghudson@mit.edu> wrote:
> On 04/25/2014 09:35 AM, Wendy Lin wrote:
>> Does Kerberos5 have the ability to store user-defined attributes
>> somewhere and distribute them to the Kerberos5 clients?
>
> Short answer: not really, and that's more of a job for something like LDAP.
>
> As I don't know the details of your use case, I should note that some
> implementations of Kerberos do convey specific attributes about client
> principals to application servers (not clients) via the authdata field
> in the ticket.  The most well-known instance of this is the Microsoft
> PAC, described at http://msdn.microsoft.com/en-us/library/cc237917.aspx

So it would be possible to include home dir, uid, gid(s), gcos and
choice of unix shell in a ticket? How large can tickets get anyway?

Wendy
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
