logo_kerberos.gif

Release Meeting Minutes/2014-09-30

From K5Wiki
< Release Meeting Minutes(Difference between revisions)
Jump to: navigation, search
(New page: {{minutes|2014}} Will Fiveash, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu GSS_S_DEFECTIVE_TOKEN issue? {{bug|7232}}? Probably IAKERB related. Red Hat ...)
 
 
Line 18: Line 18:
   
 
There was a request to have directory entries sorted when doing profile directory inclusion. It would be a behavior change, but it's arguably a bug. Can probably go into a 1.13 patch, but not back ported because it would introduce a dependency on glob().
 
There was a request to have directory entries sorted when doing profile directory inclusion. It would be a behavior change, but it's arguably a bug. Can probably go into a 1.13 patch, but not back ported because it would introduce a dependency on glob().
  +
  +
For [[Projects/Replay_cache_improvements]], we could consider making small short-term improvements to the existing implementation to reduce the incidence of corruption, prior to designing a replacement.
  +
  +
Simo will ask the KITTEN WG about why the Suite B enctypes counterintuitively pair AES128-SHA256 and AES256-SHA384.

Latest revision as of 17:05, 8 October 2014


Will Fiveash, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu

GSS_S_DEFECTIVE_TOKEN issue? [krbdev.mit.edu #7232]? Probably IAKERB related.

Red Hat people gave up on the port 4444 thing for now.

Maybe IAKERB shouldn't be on the default list of mechs? It can lead to confusing user experiences.

Simo
Environment variable to control mech list?
Greg
No "secure context" APIs for GSS.
Simo
Secure getenv? [ Linux-only ]
Tom
krb5-1.13-beta1 Friday. Expect final release around the 15th.

There was a request to have directory entries sorted when doing profile directory inclusion. It would be a behavior change, but it's arguably a bug. Can probably go into a 1.13 patch, but not back ported because it would introduce a dependency on glob().

For Projects/Replay_cache_improvements, we could consider making small short-term improvements to the existing implementation to reduce the incidence of corruption, prior to designing a replacement.

Simo will ask the KITTEN WG about why the Suite B enctypes counterintuitively pair AES128-SHA256 and AES256-SHA384.

Personal tools