logo_kerberos.gif

Release Meeting Minutes/2012-02-28

From K5Wiki
Jump to: navigation, search


Will Fiveash, Carlos Garay, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu

Git etc

Will is having git-svn issues.

Greg
Just do a fork on GitHub instead.
Will
Changes for simplifying mkey list in Solaris. libumem testnig. No aliasing of mkey lists.


1.11

Simo
Import/export cred. Might be better to have generic (not krb5-specific) import cred.
Greg
gss_set_cred_opt ... can actually create creds.
Simo
No abstract way to ... need to know OID, implementation URIs? Would like to distinguish between keytab, ccache.
Greg
Maybe gss_import_cred. "cred" type to import_name. Either a buffer or a URI.

Moving ccache location

Greg
Agreement?
Simo
Moving out of /tmp. Using private tmp directory per user.
Greg
DIR ccaches?
Simo
Shouldn't be a problem.
Greg
Has to pre-exist.
Simo
Might pre-create or ask user to.
Greg
Login process would make.
Simo
would possibly not.
Greg
Bind mount?
Simo
To keep /tmp directory separate.
Greg
How would gssd find it?
Simo
Each process would see a different /tmp from any other (process / session / user). Would be tmpfs to avoid credential theft from disk.