Principal attributes and policy in LDAP Realm

2009-01-02 Thread Azhar K Mustapha
Dear all. I have been trying to use Kerberos with kdb ldap backend (openldap 2.4.11). I have been using two ldap servers to emulate a multimaster environment for Kerberos. Some funny things happened. 1. If I don't enable multimaster replication using ldap, using kadmin. I can add a Ke

Re: Principal attributes and policy in LDAP Realm

2008-06-24 Thread Klaus Heinrich Kiwi
On Mon, 2008-06-23 at 09:05 -0400, Simo Sorce wrote: > Klaus, the current Kerberos schema as implemented by MIT is not ideal, > but adding support for multiple schemas seems like a way to fragment, > wouldn't it be better to join efforts to come up with a schema we can > all standardize upon ? I mu

Re: Principal attributes and policy in LDAP Realm

2008-06-23 Thread Ken Raeburn
On Jun 23, 2008, at 10:57, Simo Sorce wrote: > Ken, thanks for the pointers, I am starting to look into the archives, > but it seems that both are up to August 2006 and there is nothing else > afterward. Did communication stop right there? Or is there some other > place with the recent archives ? I

Re: Principal attributes and policy in LDAP Realm

2008-06-23 Thread Simo Sorce
On Mon, 2008-06-23 at 10:05 -0400, Ken Raeburn wrote: > On Jun 23, 2008, at 09:03, Simo Sorce wrote: > > Is there a specific reason why the database layer has not been > > abstracted appropriately ? Any chance we can work to fix these > > problems > > and come up with a better schema ? > > Mostl

Re: Principal attributes and policy in LDAP Realm

2008-06-23 Thread Ken Raeburn
On Jun 23, 2008, at 09:03, Simo Sorce wrote: > Is there a specific reason why the database layer has not been > abstracted appropriately ? Any chance we can work to fix these > problems > and come up with a better schema ? Mostly lack of resources/priority/motivation/etc I guess; certainly no

Re: Principal attributes and policy in LDAP Realm

2008-06-23 Thread Simo Sorce
On Mon, 2008-06-16 at 23:58 -0300, Klaus Heinrich Kiwi wrote: > On Mon, 2008-06-16 at 19:25 -0400, Ken Raeburn wrote: > > > The "application" data in question is indeed the MIT KDC > > implementation; all this stuff is internal to the MIT implementation. > > In src/include/kdb.h you'll find d

Re: Principal attributes and policy in LDAP Realm

2008-06-23 Thread Simo Sorce
On Mon, 2008-06-16 at 19:25 -0400, Ken Raeburn wrote: > On Jun 16, 2008, at 19:00, Klaus Heinrich Kiwi wrote: > > Is there a better description of what's in the tl_data structure? I > > saw > > some #defines in the kdb_ldap.h header file but couldn't correlate to > > anything just by looking at t

Re: Principal attributes and policy in LDAP Realm

2008-06-18 Thread Ken Raeburn
On Jun 17, 2008, at 07:57, Klaus Heinrich Kiwi wrote: > On Mon, 2008-06-16 at 23:38 -0400, Ken Raeburn wrote: >> I suspect there are several LDAP schemas we could do a better job of >> supporting and integrating with... > > And what, in your opinion, would be the better approach to accomplish > thi

Re: Principal attributes and policy in LDAP Realm

2008-06-17 Thread Klaus Heinrich Kiwi
On Mon, 2008-06-16 at 23:38 -0400, Ken Raeburn wrote: > I suspect there are several LDAP schemas we could do a better job of > supporting and integrating with... And what, in your opinion, would be the better approach to accomplish this task? The IBM Schema has a lot of commonality with the Nov

Re: Principal attributes and policy in LDAP Realm

2008-06-16 Thread Ken Raeburn
On Jun 16, 2008, at 22:58, Klaus Heinrich Kiwi wrote: > thank you for your explanation. I'm still a bit confused about how KDC > uses the TL data at the same time the KDB LDAP plugin also has some > specific uses for it (for example KDB_TL_USERDN). Can 'krbExtraData' > accommodate any kind of attri

Re: Principal attributes and policy in LDAP Realm

2008-06-16 Thread Klaus Heinrich Kiwi
On Mon, 2008-06-16 at 19:25 -0400, Ken Raeburn wrote: > The "application" data in question is indeed the MIT KDC > implementation; all this stuff is internal to the MIT implementation. > In src/include/kdb.h you'll find definitions of some macros KRB5_TL_* > vaguely describing in their name

Re: Principal attributes and policy in LDAP Realm

2008-06-16 Thread Ken Raeburn
On Jun 16, 2008, at 19:00, Klaus Heinrich Kiwi wrote: > Is there a better description of what's in the tl_data structure? I > saw > some #defines in the kdb_ldap.h header file but couldn't correlate to > anything just by looking at their names. Also, looks like this tl_data > structure has a func

Re: Principal attributes and policy in LDAP Realm

2008-06-16 Thread Klaus Heinrich Kiwi
On Mon, 2008-06-09 at 02:52 -0600, Savitha R wrote: > Last modification time is part of tl_data and entry's tl_data is > stored > in krbExtraData attribute. Is there a better description of what's in the tl_data structure? I saw some #defines in the kdb_ldap.h header file but couldn't correlate t

Re: Principal attributes and policy in LDAP Realm

2008-06-09 Thread Ken Raeburn
On Jun 9, 2008, at 04:52, Savitha R wrote: On Sat, Jun 7, 2008 at 1:46 AM, in message > <[EMAIL PROTECTED]>, Klaus Heinrich Kiwi > <[EMAIL PROTECTED]> wrote: >> Hi, >> >> I have some questions regarding how data is organized when using the >> LDAP KDB plugin for a realm. I hope this is the rig

Re: Principal attributes and policy in LDAP Realm

2008-06-09 Thread Savitha R
>>> On Sat, Jun 7, 2008 at 1:46 AM, in message <[EMAIL PROTECTED]>, Klaus Heinrich Kiwi <[EMAIL PROTECTED]> wrote: > Hi, > > I have some questions regarding how data is organized when using the > LDAP KDB plugin for a realm. I hope this is the right place to ask. > > I have a Realm set-up usi

Principal attributes and policy in LDAP Realm

2008-06-06 Thread Klaus Heinrich Kiwi
Hi, I have some questions regarding how data is organized when using the LDAP KDB plugin for a realm. I hope this is the right place to ask. I have a Realm set-up using the LDAP backend. First thing is: when querying a principal using kadmin, why attributes such as 'Last [successful,failed] authe