help-shishi
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kerberos and ldap: Standards?

From: Elrond
Subject: Re: kerberos and ldap: Standards?
Date: Fri, 21 Apr 2006 17:48:30 +0200
User-agent: Mutt/1.5.9i 
On Fri, Apr 21, 2006 at 05:10:26PM +0200, Simon Josefsson wrote:
[...]
> > So I was looking for the right standards.
> 
> Ah, I see what you mean.  I'm not sure there is a standard for
> something like that using ldap.

Ahh, that's the info I was looking for.

So I can just as well use krb5PrincipalName from
hdb.schema. ;)


> You could do all this on the KDC, to hide the details from the
> clients.

The core parts in tng, that need this stuff are more server
than client. Those parts have their own authneitcation for
ldap access, etc.

clients usually live only in one world.


> I think Microsoft uses "referrals" for similar problems, but I haven't
> followed this work closely:
> 
> http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-07.txt

>From the abstract, this looks more like "You're too dumb to
create krb-SRV-DNS-entries? No problem, your local KDC will
tell your clients, where the remote KDC really is" ;o)


    Elrond
reply via email to
[Prev in Thread] Current Thread [Next in Thread]