More text about the acl_file entry and hdb-ldap-structural-object.

From Rüdiger Ranft.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17960 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-09-01 10:20:49 +00:00
parent dfb67b10ac
commit 8e7c26b37d

View File

@@ -932,18 +932,25 @@ schema definition syntax instead of the old UMich-style, V2 syntax.
@item
You should specify the distinguished name under which your
principals will be stored in @file{krb5.conf}:
principals will be stored in @file{krb5.conf}. Also you need to
enter the path to the kadmin acl file:
@example
[kdc]
database = @{
dbname = ldap:ou=KerberosPrincipals,dc=example,dc=com
hdb-ldap-structural-object = inetOrgPerson
acl_file = /path/to/kadmind.acl
mkey_file = /path/to/mkey
@}
@end example
@samp{mkey_file} can be excluded if you feel that you trust your ldap
directory to have the raw keys inside it.
directory to have the raw keys inside it. The
hdb-ldap-structural-object is not necessary if you do not need Samba
comatibility.
@item