Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!usc!apple!agate!shelby!WATDRAGON.WATERLOO.EDU!jmsellens
From: jmsellens@WATDRAGON.WATERLOO.EDU ("John M. Sellens")
Newsgroups: comp.protocols.kerberos
Subject: What are a principal's attributes used for?
Message-ID: <9012142104.AA22611@watdragon.waterloo.edu>
Date: 14 Dec 90 21:04:07 GMT
Sender: news@shelby.stanford.edu (USENET News System)
Organization: Internet-USENET Gateway at Stanford University
Lines: 26

A principal in the Kerberos database has an attributes field.  I found
this in kadm.h
    /* Attributes fields constants and macros */
    #define ALLOC        2
    #define RESERVED     3
    #define DEALLOC      4
    #define DEACTIVATED  5
    #define ACTIVE       6
but I haven't seen anything that actually seems to use these attributes.
Does anything?

I'm wondering how to set up classes of users.  For example, imagine a
campus wide Kerberos database.  What happens when someone forgets his/her
password?  Should a student consultant be able to change the password
of a faculty member in another faculty? (and so on).  It might be nice
if there was a way to give (more) different levels of database control to
various people, without having to resort to multiple realms.  Hmmm ...

And on another topic - does anyone have any (available) tools for doing
bulk adds or updates to the Kerberos database?  I'm wondering how to
get a lot of people in without doing a dump and load or something.


John Sellens
University of Waterloo
jmsellens@watdragon.waterloo.edu