Release Meeting Minutes/2012-02-21
Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu
- Probably first week of March. A few more patches to pull up.
- How to map principals from a trusted realm to users local to a machine. Considering Windows PAC or POSIX PAD. Plugin?
- krb5_aname_to_lname. Could do plugin interface for 1.11; probably wouldn't take long.
- Should have been an nsswitch interface, but I wouldn't change it to that now.
- Get admin creds in a ccache. Then repeatedly "kadmin -q". Not efficient, but works.
Nathaniel asks about details of string attribute encoding in TL data so he can write a KDB back end to deal with them. Greg provides.
This is to support the GSS proxy concept.
- Only needed for stateless?
- Stateful is more vulnerable to DoS attacks. Probably encrypted because it will be given to untrusted clients.