This has been in progress for quite a long time, but this week I published a first draft for a new proposed standard schema for storing Kerberos KDC database info in LDAP. In fact, Simo Sorce from the Samba Team and I first started discussing this over a year ago at a Samba CIFS conference, but the necessary groundwork wasn’t done until this summer. With the publishing of the KDC Information Model document in July we were finally able to proceed. Of course, Heimdal users have been running their KDCs on top of OpenLDAP for years, and we’ve included this functionality in the Symas binary packages for several years as well. But the Heimdal approach was never formally standardized, and now that MIT Kerberos has added LDAP support, and has taken a different tack on their implementation, it’s time to step in and define a schema design that everyone can agree on, and that makes best use of the LDAP data model. With our decades of experience in both Kerberos and LDAP implementation, Symas is uniquely qualified to drive this work forward.
