On Mon, 2008-06-09 at 02:52 -0600, Savitha R wrote:
> Last modification time is part of tl_data and entry's tl_data is
> stored
> in krbExtraData attribute.


Is there a better description of what's in the tl_data structure? I saw
some #defines in the kdb_ldap.h header file but couldn't correlate to
anything just by looking at their names. Also, looks like this tl_data
structure has a function outside the kdb abstraction layer domain (ie.:
it's used within the KDC itself). Could you give me any insight of how
it's being used and where? The description in the Schema file ("holds
the application specific data") is a little confusing (application here
refers to the Kerberos protocol? MIT KDC implementation? the LDAP KDB
plugin itself?)

The IBM LDAP Schema can carry all kinds of data within a realm or
principal object, so I'm trying to figure it out how to carry those with
minimal change to the current LDAP KDB plugin code.

Thanks,

-Klaus

--
Klaus Heinrich Kiwi
Linux Security Development, IBM Linux Technology Center