On Mon, 2008-06-16 at 19:25 -0400, Ken Raeburn wrote: > The "application" data in question is indeed the MIT KDC > implementation; all this stuff is internal to the MIT implementation. > In src/include/kdb.h you'll find definitions of some macros KRB5_TL_* > vaguely describing in their names what they're used for; for the > actual definitions of the layouts, you'll have to dig around in the > sources. At the moment, it's sort of a catch-all slot for holding > anything new we want to stick in there without having to redefine the > XDR types we use for database records (since the old DBM-style APIs > only give you "key" and "data" slots), stuff like that.
Ken, thank you for your explanation. I'm still a bit confused about how KDC uses the TL data at the same time the KDB LDAP plugin also has some specific uses for it (for example KDB_TL_USERDN). Can 'krbExtraData' accommodate any kind of attribute we think of, just by making sure the type numbers doesn't collide? Or is it working some other way? Also, is tl_data an attribute for principals, realms, or both? I'm working towards changing the upstream KDB LDAP plugin into supporting the IBM Schema, and that Schema brings a lot of things as attributes for principals and realms - I'm just trying to make sure to reuse the existing internal data structures whenever possible. Thanks, -Klaus -- Klaus Heinrich Kiwi <[EMAIL PROTECTED]> Linux Security Development, IBM Linux Technology Center ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos