Release Meeting Minutes/2012-02-21

From K5Wiki

< Release Meeting Minutes

Jump to: navigation, search

Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu

Contents

1 krb5-1.10.1
2 Principal mapping
3 kadmin scripting
4 String attributes
5 gss_export_cred

krb5-1.10.1

Tom: Probably first week of March. A few more patches to pull up.

Principal mapping

Simo: How to map principals from a trusted realm to users local to a machine. Considering Windows PAC or POSIX PAD. Plugin?
Greg: krb5_aname_to_lname. Could do plugin interface for 1.11; probably wouldn't take long.
Simo: Should have been an nsswitch interface, but I wouldn't change it to that now.

kadmin scripting

Greg: Get admin creds in a ccache. Then repeatedly "kadmin -q". Not efficient, but works.

String attributes

Nathaniel asks about details of string attribute encoding in TL data so he can write a KDB back end to deal with them. Greg provides.

gss_export_cred

This is to support the GSS proxy concept.

Greg: Only needed for stateless?
Simo: Stateful is more vulnerable to DoS attacks. Probably encrypted because it will be given to untrusted clients.

Retrieved from "https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2012-02-21&oldid=4553"

Release meeting minutes 2012

Navigation menu