Release Meeting Minutes/2012-04-03

From K5Wiki

< Release Meeting Minutes

Jump to: navigation, search

Will Fiveash, Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkov, Tom Yu

IETF

Tom: IANA guidelines proposal from Sam?

Greg: Looks reasonable to me.

Tom: GSS extensions for cred stuff?

Greg: Might nto want to expose directly...?

Simo: Would expect admin to do it.

Tom: Note SAP admins explicitly config OIDs, mech shlib paths... URN content is not a cred itself.

Simo: Name only.

Greg: Proxy will know which cred by which client is talking to it.

Simo: Mechglue is minimally more intelligent than now. Fallback. Proxy server can tell mechglue to go direct.

Simo: Possible RFC for proxy protocol. Also implementation information. GSS-agent -- like ssh-agent, so maybe indirectly over the net.

Multi-master fallback

Will: ZFS storage appliance. AD multi-master race condition joining, creating service principal.

Simo: Can't do DNS alone. CLDAP, etc.

Will: MIT Kerberos. 2 KDCs. Multiple KDCs, admin servers in kdc.conf. Orders opposite. kinit -- principal not found. Should it try harder?

Tom: admin_server different from master. Are multiple masters tested?

Simo: Some enterprises have thousands of masters. Try to stick to a server. Locate plugin to stick to it. Consistency is important.

Greg: (to Simo) init_creds_step. sssd could do this instead of locate plugin.

Simo: Want all apps to stick to one KDC. AD does round robin. (same SRV priority)

Tom: Trying harder can lead to long timeouts.

Retrieved from "https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2012-04-03&oldid=4596"

Release meeting minutes 2012

Navigation menu