directory-dev mailing list archives

From "Enrique Rodriguez" <enriqu...@gmail.com>
Subject [Kerberos] FYI, draft Kerberos schema
Date Thu, 10 May 2007 22:57:02 GMT
Hi, Directory developers,

FYI, I want to make you aware of an IETF draft "for storing Kerberos
version 5 information in LDAP directories." [1]  I just thought of
this because portions of this schema overlap the LDAP password policy
draft [2].  After the recent encryption types and password policy
work, we have maxed out our current Kerberos schema.

Who knows if/when this draft will become an RFC, but it is well
thought out and reviewed and I'd like to start using portions of it
for features we already support.  The OIDs aren't defined, but we
could use our own.  The OIDs are easy to change later but wiring up
the protocols to the schema will be a bit of work.  Any thoughts on
whether we can/should adopt a draft?

I pinged the Novell authors, since the author of [2] is also at
Novell, so maybe there's no need for the overlap in password policy
and I was curious if they had any thoughts on licensing.

Enrique

[1] http://mailman.mit.edu/pipermail/kdc-schema/attachments/20060803/caceb865/draft-rajasekaran-kerberos-ldap-schema-01-0001.txt

[2] http://tools.ietf.org/html/draft-behera-ldap-password-policy-09
