[36790] in Kerberos
Re: Populating krbPrincipalName multivalued (Was: Re: LDAP searches
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Feb 14 16:27:08 2015
Message-ID: <54DFBD95.3010604@mit.edu>
Date: Sat, 14 Feb 2015 16:26:45 -0500
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Gergely Czuczy <gergely.czuczy@harmless.hu>, kerberos@mit.edu
In-Reply-To: <54DEF721.3040506@harmless.hu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 02/14/2015 02:20 AM, Gergely Czuczy wrote:
> So, actually there's a difference between an alias, and the -x linkdn=
> option?
> The alias is technically the very same principal, and addprinc -x
> linkdn= is a new principal, linked to an already existing entry in LDAP?
linkdn is totally different from aliases. The -x linkdn option just
sets a krbObjectReferences attribute on a standalone principal object.
This attribute has no particular semantics to the KDC or kadmind; it
might have meaning to an external LDAP administration tool (such as
eDirectory, which our LDAP support originally came from).
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
