I think I'm getting the hang of Wallet (0.12) even though I have a pile of questions (mainly concerning ACLs) I'll save for another time. :)
A bit of `grep' through documentation and source shows that the LDAP verifier (I believe that's the term) hasn't been implemented yet. I neither have (nor want) a full NetDB implementation, so I thought I'd try to "fool" it, and I'd basically like confirmation that I'm on the right track.

What I want is to authorize Wallet principals (users & hosts) against LDAP. I've configured NETDB_{REMCTL_CACHE,HOST} in `wallet.conf'. I've also added a small script to `remctl.conf':

    netdb node-roles /usr/local/bin/mynetdb ANYUSER

All of that works. `mynetdb' is:

    #!/bin/sh
    # handle args
    #   argv[1] contains principal requested by Wallet client
    #   argv[2] contains "name" (or is that role name?) in
    #           Wallet ACL
    # do the magic: find principal, etc. and:
    echo "user"
    exit 0

The Wallet client reacts correctly to that output; if my script returns anything other than "admin", "user" or "team" (gleaned from ACL::NetDB) or exits with 1, the Wallet client tells me the principal is not authorized to get the requested object.

Am I on the right track or is all of this horribly wrong?

And since I don't know anything of NetDB: what is the difference (as far as Wallet is concerned) between user, team and admin?

-JP
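
A fail-closed skeleton for a backend like `mynetdb', as an added example that is not part of the original post: it validates both arguments before they reach an LDAP filter and prints a role only if it is one of the three values mentioned above. The LDAP layout (base DN, the krbPrincipalName match and the walletRole attribute) is assumed here, not taken from Wallet or NetDB.

```sh
#!/bin/sh
# Added example, not from the original post. Assumed LDAP layout: one entry
# per ACL name (cn) carrying krbPrincipalName and a hypothetical walletRole.
LC_ALL=C; export LC_ALL
LDAP_BASE='ou=wallet,dc=example,dc=org'   # placeholder base DN

# Reject empty values and anything outside a conservative character set, so
# filter metacharacters such as * ( ) \ never reach the LDAP query.
safe_value() {
    case "$1" in
        ''|*[!A-Za-z0-9._@/-]*) return 1 ;;
    esac
    return 0
}

# Query the directory and print LDIF. Kept separate so it can be replaced.
fetch_ldif() {
    ldapsearch -x -LLL -b "$LDAP_BASE" \
        "(&(cn=$2)(krbPrincipalName=$1))" walletRole
}

# Read LDIF on stdin; print the role only if it is one of the three values
# the post says the Wallet client accepts. Anything else is a failure.
role_from_ldif() {
    role=$(sed -n 's/^walletRole: //p' | head -n 1)
    case "$role" in
        admin|user|team) printf '%s\n' "$role" ;;
        *) return 1 ;;
    esac
}

# node_roles PRINCIPAL NAME: argument order as described in the post.
node_roles() {
    [ "$#" -eq 2 ] || return 1
    safe_value "$1" && safe_value "$2" || return 1
    fetch_ldif "$1" "$2" 2>/dev/null | role_from_ldif
}

# Act as the backend only when installed under the post's script name.
case "${0##*/}" in
    mynetdb) node_roles "$@" || exit 1 ;;
esac
```

A lookup error, an empty result, a base64-encoded value or an unexpected role all end in exit status 1 with no output, which the post reports the Wallet client treats as "not authorized".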