Release Meeting Minutes/2012-02-14


Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu

DLL Hell

Greg
Use -Bgroup or RTLD_DEEPBIND on Linux
Will
sshd on Solaris links gss but dlopens krb5. No RTLD_GROUP in libpam source on Solaris.
Greg
RTLD_GROUP is unfriendly to module developers; they have to do extra work.
Tom
Could try making glibc devs fix it.
Simo
SSSD only depends on libc. Pipes to other stuff.
Tom
Document this mess?
Greg
Maybe on the wiki.
Tom
Could clean up my minimal test case to demo problem.
Will
Where is RTLD_GROUP checked?
Tom
If dlfcn.h has it, we assume it works.

krb5-1.11 planning

Greg
Preauth sets? No existing plan for 1.11. 3 pieces:
  • FAST cookies
  • Flexible KDC configuration for preauth requirements per principal
  • Actual preauth sets
Greg
OTP uses the armor key as reply key. In some ways this is weaker than SAM2 with password.
Nathaniel
collect-pin / do-not-collect-pin / separate-pin-required. Separate means 2 prompts. Insert into otp-pin / otp-value fields. collect-pin -- PIN will always be part of key generation. Think PIN should always be included.