On Tue, Apr 18, 2006 at 10:35:15AM +0200, Simon Josefsson wrote:
> Hi Elrond! Sorry for the slow response.
>
> Elrond <[EMAIL PROTECTED]> writes:
>
> > Maybe a bit off-topic, but:
> >
> > I know about hdb.schema from heimdal.
> >
> > Are there any other notable standards about storing
> > kerberos related information in ldap?
>
> Have you seen:
>
> http://josefsson.org/cgi-bin/viewcvs.cgi/shishi/doc/specifications/draft-johansson-kerberos-model-02.txt?rev=1.1&view=auto

Ahh, looks interesting.

[...]

> > Currently I'm interested in an attribute, that stores the
> > kerberos' principal name, that relates to a DN/account.
> >
> > In hdb.schema this is krb5PrincipalName.
>
> I think you could write a new shisa module that would get the
> information the KDC requests from shisa from the LDAP server. Copy
> file.c and file.h into ldap.c and ldap.h and start modifying it... It
> probably requires some work, but maybe I can assist you.

Well, I don't want to write a full backend for shisa.
I only want to put mappings into ldap.

Think of mapping unix accounts (which are flat, no realm)
to principals (which have a realm).

Say I want to map unix user jas to [EMAIL PROTECTED] and unix
user elrond to [EMAIL PROTECTED]

uid: jas
unknown: [EMAIL PROTECTED]

uid: elrond
unknown: [EMAIL PROTECTED]

So what to use for "unknown"?
My current best guess is "krb5PrincipalName".

Elrond