[36777] in Kerberos
Re: Populating krbPrincipalName multivalued (Was: Re: LDAP searches
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Feb 12 11:38:39 2015
Message-ID: <54DCD700.6040505@mit.edu>
Date: Thu, 12 Feb 2015 11:38:24 -0500
From: Greg Hudson <ghudson@mit.edu>
To: Gergely Czuczy <gergely.czuczy@harmless.hu>, kerberos@mit.edu
In-Reply-To: <54DC6428.2@harmless.hu>
On 02/12/2015 03:28 AM, Gergely Czuczy wrote:
> A bit off the topic, but please allow me a question here. I've noticed
> that addprinc -x dn= only allows a single principal per entry, and -x
> linkdn= does not put the krbPrincipalName into the specified entry. With
> utilizing the LDAP backend, what would be the way to make use of the
> krbPrincipalName's multivalued nature, and have it populated at the ldap
> entry's values?
We don't have kadmin support for principal aliases, only LDAP KDB module
support. You have to manage the krbPrincipalName and krbCanonicalName
attributes directly via LDAP in order to create aliases.
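What managing those two attributes directly can look like, as an added example that is not part of the message above and is not MIT krb5 code: a Python helper that builds the LDIF modify record to hand to `ldapmodify`, adding alias values to krbPrincipalName and setting krbCanonicalName. The entry DN, realm and principal names are constructed, and the helper names and the simplified principal-name check are assumptions of the example.

```python
import base64
import re

# Simplified principal check for this example: name@REALM, no whitespace or backslashes.
_PRINC = re.compile(r"[^\s@\\]+@[^\s@\\]+")
# RFC 2849 SAFE-STRING: 7-bit, no NUL/CR/LF, not starting with space, ':' or '<'.
_SAFE = re.compile(r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*")

def ldif_line(attr, value):
    """Format one attribute line, base64-encoding values LDIF cannot carry verbatim."""
    if _SAFE.fullmatch(value) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"

def alias_change_record(dn, canonical, aliases, current_names):
    """Build an LDIF modify record that adds alias values to one principal entry.

    current_names is the entry's existing krbPrincipalName values (read them
    with ldapsearch first); aliases already present are not added again.
    """
    for name in (canonical, *aliases):
        if not _PRINC.fullmatch(name):
            raise ValueError(f"not a name@REALM principal: {name!r}")
    if canonical not in current_names:
        raise ValueError("canonical principal is not a value of this entry")
    new = [a for a in dict.fromkeys(aliases) if a not in current_names]
    lines = [ldif_line("dn", dn), "changetype: modify",
             "replace: krbCanonicalName",
             ldif_line("krbCanonicalName", canonical), "-"]
    if new:
        lines += ["add: krbPrincipalName",
                  *(ldif_line("krbPrincipalName", a) for a in new), "-"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # Constructed entry; feed the output to: ldapmodify -H <LDAP URI> -D <admin DN> -W
    dn = ("krbPrincipalName=host/web1.example.com@EXAMPLE.COM,"
          "cn=EXAMPLE.COM,cn=krbContainer,dc=example,dc=com")
    print(alias_change_record(dn, "host/web1.example.com@EXAMPLE.COM",
                              ["host/www.example.com@EXAMPLE.COM"],
                              ["host/web1.example.com@EXAMPLE.COM"]), end="")
```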