logo_kerberos.gif

Projects/DBAliases

From K5Wiki
< Projects
Revision as of 14:39, 5 March 2009 by Ghudson (talk | contribs) (New page: {{project-early}} Currently the MIT KDC implementation contains support for name canonicalization; however, neither of the shipped back ends has any support for aliases or principal name ...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This is an early stage project for MIT Kerberos. It is being fleshed out by its proponents. Feel free to help flesh out the details of this project. After the project is ready, it will be presented for review and approval.


Currently the MIT KDC implementation contains support for name canonicalization; however, neither of the shipped back ends has any support for aliases or principal name transformation on lookup. This project will implement basic alias support for the DB2 and hopefully the LDAP back ends. A major use case for this feature is servers with more than one hostname. Case folding and other transformations of principal names are out of scope.

Functional Requirements

  • It must be possible to create aliases in the DB2 back end such that looking up the alias produces the entry for the canonical name.
  • It must be possible to synchronize aliases for host principals with an outside source of information such as a DNS zone file.
  • For feature parity, it is desirable if aliases can also be created in the LDAP back end.

Design