On Fri, Apr 21, 2006 at 05:10:26PM +0200, Simon Josefsson wrote:
[...]
> > So I was looking for the right standards.
>
> Ah, I see what you mean. I'm not sure there is a standard for
> something like that using ldap.

Ahh, that's the info I was looking for.
So I can just as well use krb5PrincipalName from hdb.schema. ;)

> You could do all this on the KDC, to hide the details from the
> clients.

The core parts in tng that need this stuff are more server than client.
Those parts have their own authentication for ldap access, etc.
Clients usually live only in one world.

> I think Microsoft uses "referrals" for similar problems, but I haven't
> followed this work closely:
>
> http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-07.txt

From the abstract, this looks more like "You're too dumb to create
krb-SRV-DNS-entries? No problem, your local KDC will tell your clients,
where the remote KDC really is" ;o)

Elrond
