Release Meeting Minutes/2012-07-24

From K5Wiki

Will Fiveash, Thomas Hardjono, Sam Hartman, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Tom Yu

Greg
UIDs. Token parameters. UID expands to RUID. Corresponds to existing Heimdal behavior.
Simo
Make a new EUID example.
Sam
krb4 was more consistent about real vs effective UID (and dead wrong). [ also wants token for username ]
Greg
Conflicting feedback on default client keytab. Will be build-configurable.
Tom
"Secrets in /var" objection ... we already put KDC files in /var.
Simo
Secure NFS... multiple daemons. App might not care, but NFS does. So clients are more numerous than acceptors.
Sam
Default MIT ships is not that important. Linux distributions should probably agree on something.
Greg
Response sets. Won't commit current patches yet. Will do OTP commit first. (to get concrete case as an example) Nathaniel wanted marshalling functions [ for validation etc. ] [ marshalling is in key names ]
Greg
On composition side, it's easier. Not so much on the reading side.
Sam
See REST APIs.
Greg
Don't know which is best. In a higher level language, probably not a big deal. In C, it's going to be more annoying.
Simo
Needs some standards...
Sam
It might be easier to get MIT - Heimdal agreement with exploded.
Nathaniel
Need ASN.1 help.
Greg
Have some prior work that could be used. Nathaniel, we'll want fake KDC plugin for a test case.
Greg
Default keytab. Vendors likely to override.
Sam
Search lists.
Greg
Allow graceful migration.
Sam
First or last wins? Will have to revisit eventually.
Greg
Multiple relations with same name means search.
Sam
Could have a case where there are both user and system krb5.conf files, and user wants to override.
Greg
Right now, first wins.
Greg
How to specify at build time. krb5-config? Output of search list.
Tom
Nico's policy extensibility proposal.
Simo
What format for tl_data?
Greg
Depends on DB back end.