logo_kerberos.gif

Release Meeting Minutes/2012-06-12

From K5Wiki
Jump to: navigation, search


Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkov, Tom Yu

Simo would like to do compile-time changes. /etc/krb5.keytab location

Greg
Multiple daemons, different UIDS. Nico doesn't want to require environment variables.
Tom
Environment variables can be accidentally set in ways that silently change behavior.
Greg
Bernstein's daemontools... upstart, systemd, ... keytab / ccache search. Nico's "Which is the first one you could create?"
Simo
Multiple default ccache locations are a bad idea. (session creds? etc.)
Greg
Username? UID?
Simo
UID may be simpler from security perspective. Can you start creating directories for DIR ccache?

Greg will look into it. Tentatively can autocreate.

Greg
If you have an empty DIR or no default, should it become the default cache (once you have the keytab creds)? If you kinit with a DIR ccache, it sets the default identity.
Simo
Regular expressions for default ccache?
Greg
Heimdal has expand_path substitution.
Simo
Escaping?
Greg
No username substitution; could be added later. Path extension probably on Unix only.