On Mon, 2008-06-09 at 02:52 -0600, Savitha R wrote:
> Last modification time is part of tl_data and entry's tl_data is
> stored
> in krbExtraData attribute.

Is there a better description of what's in the tl_data structure? I saw
some #defines in the kdb_ldap.h header file but couldn't correlate to
anything just by looking at their names. Also, looks like this tl_data
structure has a function outside the kdb abstraction layer domain (ie.:
it's used within the KDC itself). Could you give me any insight of how
it's being used and where? The description in the Schema file ("holds
the application specific data") is a little confusing (application here
refers to the Kerberos protocol? MIT KDC implementation? the LDAP KDB
plugin itself?)

The IBM LDAP Schema can carry all kinds of data within a realm or
principal object, so I'm trying to figure it out how to carry those with
minimal change to the current LDAP KDB plugin code.



Klaus Heinrich Kiwi
Linux Security Development, IBM Linux Technology Center