logo_kerberos.gif

Release Meeting Minutes/2010-08-31

From K5Wiki
Jump to: navigation, search


Shawn Emery, Zhanna Tsitkova, Greg Hudson, Tom Yu, Simo Sorce, Sam Hartman

Shawn will look into arrangements re early solaris source access.

Greg
password quality interface. princ, pass, dictfile, policy name; localization of password quality error messages: how to localize? on client or server? send number? or string?
Simo
Microsoft uses message catalog numbers in free-form text.

Greg
Will leave parameter for localization.
Simo
Disagree for complexity reasons.
Greg
Leaves open the possibility; extra unused parameter is a small cost.

Sam
can think of many reasons for that set/change protocol and none of them are localization. Is Marcus happy?
Greg
Marcus offered it as a suggestion. Have already implemented many of the changes Marcus made.
Sam
Prefer to not do password sync via stackable DB mechanisms. Love likes it, but it's not implemented in Heimdal yet.
Greg
iprop is kind of gimpy stacking. Hooks look like a potential stacking.

Shawn
issues with multi-tierd using file replay caches. sharing "host" principal. locking issues? Multiple threads independently open an rcache; mutex only protects in-memory object, not file.
Sam
Make changes in GSS relating to [acceptor?] credentials.
Greg
High level: protocols should be replay-proof. rcache doesn't help with suppress/replay, etc. attacks.
Personal tools