Release Meeting Minutes/2013-06-11
Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu
- Worst case, it drops off the face of the earth. Reject to client. Should somehow signal client to retry.
- RADIUS server might not be a companion daemon.
- Local will always give an immediate error. libkrad will attempt to retry.
- Requirement to put sockets in /run (from SELinux)
- Open to configure option for /run, maybe try to add autodetect
- More authorization checks for S4U2Self... limit proxy principal delegation for specific clients. [ Probably really need this in S4U2Proxy ]
- Write a project page. LDAP back end can check but ignores client principal. [ this would be a new capability ]
- Have wanted this too.
- Question on KITTEN list re zero-length (zero component) principals... want to steal syntax to specify realm alone GSS name type for naming realms. Form would be "@REALMNAME". Heimdal apparently gives you a single-component principal whose content is "@" in that case.
- Greg, have working tests. Forward slash determines file vs (literal) password for secret.
- Maybe we can have a default directory.