[Date Prev][Date Next] [Chronological] [Thread] [Top]

kerberos identity syntax

To: stokes@austin.ibm.com
Subject: kerberos identity syntax
From: Leif Johansson <leifj@it.su.se>
Date: Tue, 28 Mar 2000 01:58:15 +0200
Cc: ietf-ldapext@netscape.com
Resent-date: Mon, 27 Mar 2000 15:59:08 -0800 (PST)
Resent-from: ietf-ldapext@netscape.com
Resent-message-id: <wOq7dC.A.eWF.yW_34@glacier>
Resent-sender: ietf-ldapext-request@netscape.com

I believe that the syntax for kerberosID in the acl draft does not
accurately reflect all possible forms of a principal. It would be
better to refer to section 7 of RFC 1510 where the various forms of
principal names are listed. Note that one possible form of princpal
names are directory distinguished names which cannot be matched 
using caseIgnoreMatch. This would seem to make caseIgnoreMatch a
poor choice for aci matchingrule.

	Cheers,

Leif Johansson				Phone: +46 8 164541		
Department of Mathematics		Fax  : +46 8 6126717		
Stockholm University 			email: leifj@matematik.su.se 	

    <This space is left blank for quotational and disclamatory purposes.>

Prev by Date: acess control to entry attributes
Next by Date: FYI: LDIF approved by IESG
Index(es):
- Chronological
- Thread