Release Meeting Minutes/2013-02-12
David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu
- Started work on auth_to_local interface. Want to fix some existing behavior. Can't distinguish different realms. Also a problem when using regex-based rules.
- Probably will leave things alone in case someone depends on it, and document behavior.
- git.mit.edu firewalled from off-campus soon.
Some discussion about CAMMAC. What purpose does a KDC MAC serve? Detached verification? Some people (Sam?) are skeptical about detached verification. Do we want something like ad-signedpath? What bits to sign?
- S4U2Proxy -- CAMMAC as it currently exists is probably good enough to allow supporting it in the future. (e.g., could define a new authorization data type that MACs most of the content of the ticket, and put that in the CAMMAC.) So what is the minimum binding component?
- cname, authtime, endtime -- to support detached verification.
- Do you actually need detached verification?
- Can probably use GSS proxy, but would like the option if needed in the future.
- Will get text to you later this week.