Release Meeting Minutes/2012-02-14

From K5Wiki

< Release Meeting Minutes

Revision as of 16:31, 20 February 2012 by TomYu (talk | contribs) (New page: {{minutes|2012}} Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu == DLL Hell == ;Greg: Use -Bgroup or RTLD_DEEPBIND on L...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu

DLL Hell

Greg: Use -Bgroup or RTLD_DEEPBIND on Linux
Will: sshd on Solaris links gss but dlopens krb5. no RTLD_GROUP in libpam source on Solaris.
Greg: RTLD_GROUP is unfriendly to module developers; they have to do extra work.
Tom: Could try making glibc devs fix it.
Simo: SSSD only depends on libc. Pipes to other stuff.
Tom: Document this mess?
Greg: Maybe on the wiki.
Tom: Could clean up my minimal test case to demo problem.

Will: Where is RTLD_GROUP checked?
Tom: If dlfcn.h has it, we assume it works.

krb5-1.11 planning

Greg

Preauth sets? No existing plan for 1.11. 3 pieces:

FAST cookies
Flexible KDC configuration for preauth requirements per principal
Actual preauth sets

Greg: OTP uses the armor key as reply key. In some ways this is weaker than SAM2 with password.
Nathaniel: collect-pin / do-not-collect-pin / separate-pin-required. Separate means 2 prompts. Insert into otp-pin / otp-value fields. collect-pin -- PIN will always be part of key generation. Think PIN should always be included.

Retrieved from "https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2012-02-14&oldid=4550"

Release meeting minutes 2012

Navigation menu