directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <>
Subject Re: Kerberos Kadmin GUI
Date Sat, 23 Jun 2007 11:23:23 GMT
I guess as long as we have a convenient mechanism for adding, removing and
updating Kerberos users and passwords then we should be OK.  How this is
done is not that important right now, but may be from a security
As long as SASL and SSL are being used via LDAP we can trust such operations
in production environments.

I don't know if the state of the changepw protocol with the new capabilities
mentioned are even viable right now but perhaps they will be later in which
we can enable 2 separate mechanisms for managing Kerberos users.


On 6/22/07, Enrique Rodriguez <> wrote:
> On 6/21/07, Emmanuel Lecharny <> wrote:
> > Enrique Rodriguez a écrit :
> > > ...
> > > We can do most of what we need with the LDAP protocol and our X.500
> > > ACI.
> >
> > Sure, but I think a GUI is great to have to avoid complex manipulation
> > of such elements. We already have an ACI editor in Apache Directory
> > Studio, we just need a specific interface for Kerberos admin, I guess.
> I agree.  I don't think users should have to directly manipulate
> attributes and know ACI syntax.  A tool would be great.  My point was
> more that the protocol to do this with should be LDAP and not Kadmin.
> > ...
> > Can we have a status for those RFCs and drafts ?
> I will start one here:
> Enrique

View raw message