On 02/14/2015 02:20 AM, Gergely Czuczy wrote: > So, actually there's a difference between an alias, and the -x linkdn= > option? > The alias is technically the very same principal, and addprinc -x > linkdn= is a new principal, linked to an already existing entry in LDAP?
linkdn is totally different from aliases. The -x linkdn option just sets a krbObjectReferences attribute on a standalone principal object. This attribute has no particular semantics to the KDC or kadmind; it might have meaning to an external LDAP administration tool (such as eDirectory, which our LDAP support originally came from). ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
