directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: Kerberos Kadmin GUI
Date Sat, 23 Jun 2007 11:23:23 GMT
I guess as long as we have a convenient mechanism for adding, removing and
updating Kerberos users and passwords then we should be OK.  How this is
done is not that important right now, but may be from a security
perspective.
As long as SASL and SSL are being used via LDAP we can trust such operations
in production environments.

I don't know if the state of the changepw protocol with the new capabilities
you
mentioned are even viable right now but perhaps they will be later in which
case
we can enable 2 separate mechanisms for managing Kerberos users.

Alex

On 6/22/07, Enrique Rodriguez <enriquer9@gmail.com> wrote:
>
> On 6/21/07, Emmanuel Lecharny <elecharny@apache.org> wrote:
> > Enrique Rodriguez a écrit :
> > > ...
> > > We can do most of what we need with the LDAP protocol and our X.500
> > > ACI.
> >
> > Sure, but I think a GUI is great to have to avoid complex manipulation
> > of such elements. We already have an ACI editor in Apache Directory
> > Studio, we just need a specific interface for Kerberos admin, I guess.
>
> I agree.  I don't think users should have to directly manipulate
> attributes and know ACI syntax.  A tool would be great.  My point was
> more that the protocol to do this with should be LDAP and not Kadmin.
>
> > ...
> > Can we have a status for those RFCs and drafts ?
>
> I will start one here:
>
> http://cwiki.apache.org/confluence/display/DIRxSBOX/Kerberos+RFC+Support
>
> Enrique
>

Mime
View raw message