In the process of setting up pkinit again, I was struck by the fact that 
the subject<->principal mapping provided by the /var/heimdal/pki-mapping 
file was exactly the sort of thing that many sites might want to pull 
from an LDAP directory. I assume that right now this is hardcoded to use 
pki-mapping, and for now we could probably extract this info from our 
LDAP directory and stick it into a file on our kdc periodically, but do 
other people think it would be useful to have a way to have the kdc 
pull this info from LDAP? If so, I'll see if I can get some of my cycles 
allocated to working on this.

Can anyone think of any reasons that this would be a bad idea?

-Matt Andrews
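
The interim approach mentioned in the message above (periodically exporting the mapping from LDAP into the file on the KDC), as an added example that is not part of the original post or of Heimdal. It assumes the one-entry-per-line `principal:subject` layout for pki-mapping, a realm of `EXAMPLE.ORG`, and entries already fetched from LDAP into dicts with hypothetical `principal` and `subject` keys; the sample entries are constructed.

```python
import os
import tempfile

REALM = "EXAMPLE.ORG"  # assumed realm name
# Constructed sample entries, standing in for the result of an LDAP search.
SAMPLE_ENTRIES = [
    {"principal": "alice@EXAMPLE.ORG", "subject": "C=SE,O=Example,CN=Alice,UID=alice"},
    {"principal": "alice@EXAMPLE.ORG", "subject": "C=SE,O=Example,CN=Alice,UID=alice"},
    {"principal": "bob@OTHER.ORG", "subject": "CN=Bob"},               # wrong realm
    {"principal": "carol@EXAMPLE.ORG", "subject": "CN=Carol\nCN=x"},   # embedded newline
]

def mapping_line(principal, subject, realm=REALM):
    """Build one 'principal:subject' line, or raise ValueError on unsafe input."""
    for value in (principal, subject):
        # The file is line oriented: directory data must not be able to pad a
        # value or start a new line, which would add an unreviewed mapping.
        if not value or value != value.strip() or any(ord(c) < 32 for c in value):
            raise ValueError("empty, padded or contains control characters")
    name, sep, prealm = principal.rpartition("@")
    if not sep or not name or "@" in name or prealm != realm:
        raise ValueError("principal is not in the expected realm")
    if ":" in principal or principal.startswith("#"):
        raise ValueError("principal would be mis-parsed in the mapping file")
    return f"{principal}:{subject}"

def render_mapping(entries, realm=REALM):
    """Return (sorted unique lines, list of (entry, reason) that were rejected)."""
    lines, rejected = set(), []
    for entry in entries:
        try:
            lines.add(mapping_line(entry.get("principal", ""), entry.get("subject", ""), realm))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return sorted(lines), rejected

def write_atomic(path, lines):
    """Replace path with a single rename so the KDC never reads a partial file."""
    if not lines:  # an LDAP outage must not wipe every existing mapping
        raise RuntimeError("refusing to install an empty mapping")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # created mode 0600
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write("\n".join(lines) + "\n")
            handle.flush()
            os.fsync(handle.fileno())
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
```

Because the output is sorted and de-duplicated, a diff between successive runs shows exactly which mappings the directory added or removed, and the rejected list is worth logging on the KDC.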