Simon Wilkinson <[EMAIL PROTECTED]> writes:

> One thing I keep thinking about implementing is an LDAP->kadmin
> proxy. You'd still have the KDC database in the current DB format, but
> you'd be able to access it through an overlay on your OpenLDAP server,
> which would translate LDAP actions into kadmin RPCs.

Having done a bit of Active Directory munging over LDAP, I don't think LDAP makes a very appealing kadmin protocol, although it may be better with a better data model than Active Directory offers. (Separating flags out into separate attributes, for example, rather than using a bitmask in one attribute.) LDAP is an extremely heavy-weight and complex protocol, although it does have the advantage of having stable libraries and a reasonable authentication structure.

--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
