[17129] in Kerberos_V5_Development
New tl_data type
daemon@ATHENA.MIT.EDU (Linus Nordberg)
Wed Aug 31 16:54:49 2011
From: Linus Nordberg <linus@nordberg.se>
To: krbdev@mit.edu
Date: Wed, 31 Aug 2011 22:54:38 +0200
Message-ID: <87zkipgv3l.fsf@nordberg.se>

Hi,

Configuring principals in the kdb for use with the FAST OTP plugin is
quite a pita atm. We use

  #define KRB5_TL_OTP_ID   0x0800 /* OTP token id */
  #define KRB5_TL_OTP_BLOB 0x1000 /* OTP binary blob */

for configuring a token identity and an OTP method for a principal
(KRB5_TL_OTP_ID) and data to pass to the method, respectively.

These are not supported by any of the tools for mucking about with the
kdb and I have been using an LDAP backend for reasonably convenient
configuration.

Now I'm wondering if this should be replaced with something more
general. Greg mentioned a tl_data type with <string>:<string> at some
point. How much structure should be imposed? Should we rather say just
<text> or maybe <JSON>?

The work involved would be to add the tl_data type and add support for
it in tools like kadmin and kdb5_util I guess. More?

Thanks,
Linus