Release Meeting Minutes/2011-07-12
Carlos Garay, Will Fiveash, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu
- Oracle staff -- mobile devices?
- Was Sun employee. Probably not the best person to ask. Oracle not providing employees with Apple laptops. Lenovo, Dell, Windows-based. Sun provided employees with Macs.
- What apps do you use Kerberos to auth to?
- Changing from Sun practice.Sun IT was busy doing large rollout protecting NFS homedirs with Kerberos. KDCs deployed, etc. Kerberos-authenticated SSH sessions. Hardly anyone uses telnet.
- If I were to build Kerberos for Android, how should it look?
- Make it transparent to the user.
- Last couple of weeks, a few Solaris 11 issues related to kadmin.local utility. They exec other commands. Trying to use roles-based authorization. Execution profile for users so they get elevated local privileges [when running kadmin: to install keytabs, etc.]. "bang"-shell escape. Those commands inherit privileges.
- libss builtin?
- Yes. Someone enhanced Solaris kadmin with a pager.
- Looks like the pager stuff is built into SS. list_requests invokes a pager.
- "pfexec". looks through profile information to decide whether user can exec a program.