directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xu Yaning (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (DIRKRB-303) Discuss and possibly define Ldap schema for Kerby KDC
Date Fri, 19 Jun 2015 02:13:00 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592843#comment-14592843
] 

Xu Yaning edited comment on DIRKRB-303 at 6/19/15 2:12 AM:
-----------------------------------------------------------

Hi Kiran, I think I write something wrong. For a key, there are 3 attributes to store, keyVersion,
keyType and keyData. Since keyVersion and kvno are the same attribute, the attributes in krb5kdc
schema and the operational attribute {{createTimestamp}} can satisfy   Kerby's requirement.
So I think we can use krb5kdc schema to implement {{LdapIdentityBackend}}.


was (Author: yaningxu):
Hi Kiran, I think I write something wrong. For a key, there are 3 attributes to store, keyVersion,
keyType and keyData. Since keyVersion and kvno are the same attribute. The attributes in krb5kdc
schema and the operational attribute {{crreateTimestamp}} can satisfy   Kerby's requirement.
So I think we can use krb5kdc schema to implement {{LdapBackendIdentity}}.

> Discuss and possibly define Ldap schema for Kerby KDC
> -----------------------------------------------------
>
>                 Key: DIRKRB-303
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-303
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Xu Yaning
>
> As discussed in DIRKRB-293 with [~akiran] and [~seelmann], it might be good to discuss
and possibly define an LDAP schema for Kerby KDC based on the one present in ApacheDS ({{krb5kdc}}).
This particularly works for the long term, as for now only a few identity attributes are supported
in Kerby, some time later we'll need to enhance and support much more ones that's likely not
existing in the ApacheDS's schema krb5kdc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message