Release Meeting Minutes/2012-07-24
From K5Wiki
Will Fiveash, Thomas Hardjono, Sam Hartman, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Tom Yu
- Greg
- UIDs. Token parameters. UID expands to RUID. Corresponds to existing Heimdal behavior.
- Simo
- Make a new EUID example.
- Sam
- krb4 was more consistent about real vs effective UID (and dead wrong). [ also wants token for username ]
- Greg
- Conflicting feedback on default client keytab. Will be build-configurable.
- Tom
- "Secrets in /var" objection ... we already put KDC files in /var.
- Simo
- Secure NFS... multiple daemons. App might not care, but NFS does. So clients are more numerous than acceptors.
- Sam
- Default MIT ships is not that important. Linux distributions should probably agree on something.
- Greg
- Response sets. Won't commit current patches yet. Will do OTP commit first. (to get concrete case as an example) Nathaniel wanted marshalling functions [ for validation etc. ] [ marshalling is in key names ]
- Greg
- On composition side, it's easier. Not so much on the reading side.
- Sam
- See REST APIs.
- Greg
- Don't know which is best. In a higher level language, probably not a big deal. In C, it's going to be more annoying.
- Simo
- Needs some standards...
- Sam
- It might be easier to get MIT - Heimdal agreement with exploded.
- Nathaniel
- Need ASN.1 help.
- Greg
- Have some prior work that could be used. Nathaniel, we'll want fake KDC plugin for a test case.
- Greg
- Default keytab. Vendors likely to override.
- Sam
- Search lists.
- Greg
- Allow graceful migration.
- Sam
- First or last wins? Will have to revisit eventually.
- Greg
- Multiple relations with same name means search.
- Sam
- Could have a case where there are both user and system krb5.conf files, and user wants to override.
- Greg
- Right now, first wins.
- Greg
- How to specify at build time. krb5-config? Output of search list.
- Tom
- Nico's policy extensibility proposal.
- Simo
- What format for tl_data?
- Greg
- Depends on DB back end.
