[27782] in Kerberos
Re: add principal to kerberos with ldap backend
daemon@ATHENA.MIT.EDU (Savitha R)
Wed May 16 07:57:21 2007
Message-Id: <464B3ED0.C217.0053.0@novell.com>
Date: Wed, 16 May 2007 05:56:40 -0600
From: "Savitha R" <rsavitha@novell.com>
To: <kerberos@mit.edu>, "Nikolai Tenev" <ntenev@orbitel.bg>
In-Reply-To: <200705151218.29970.ntenev@orbitel.bg>
Mime-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>>> On Tue, May 15, 2007 at 2:48 PM, in message
<200705151218.29970.ntenev@orbitel.bg>, Nikolai Tenev <ntenev@orbitel.bg>
wrote:
> Hi everyone,
> sorry if mu question is dump, but I can't find answer in documentation. I
> setup and running MIT Kerberos 1.6 with LDAP backend and can add principals
> with kadmin tool. Now I need a solution (if it's possible) to add principal
> directly to LDAP, but can't find info how to create ldif file, especially
> for
> values of krbPrincipalKey and krbExtraData. Is anyone know how these fields
> are constructed ?
>
It is not possible to add the krbPrincipalKey attribute through a
LDIF file. The format of the value for this attribute is described in
in the schema file(kerberos.ldif)
krbExtraData is a multivalued octet string attribute. Each value
contains a type and value. Currently only a single value is stored.
First 16 bits has 0x0002 for the value type. Next 32 bits has the
entry creation/modification time (time since the Epoch
(00:00:00 UTC, January 1, 1970), measured in seconds)
in little endian format. This is followed by the name of the
principal modifying the entry.
-Savitha
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
