On Thu, Apr 14, 2011 at 9:00 PM, Sumit Bose <sbose(a)redhat.com> wrote:
...
Yes, you can also find it in the MIT source in
src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema. The krbExtraData
attribute is used to store the Yubikey token id for the principal. It
is encoded so not easy to edit. I will add a utility to the rpm and web
site to make this easy.
I ran into the same dilemma when implementing a MultiFactor
authentication handler for Shibboleth. Ended up mapping usernames <->
YubiKey public IDs in a plain text file as a proof of concept only.
Would it make sense for this group to start specifying a schema for
storing information about arbitrary authentication tokens in LDAP?
I'm no LDAP expert either, but I know that we have at least Tier-2
connections to someone who is (and works with Linus) =).
/Fredrik