Release Meeting Minutes/2012-12-18

From K5Wiki

< Release Meeting Minutes

Jump to: navigation, search

Will Fiveash, Thomas Hardjono, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Tom Yu

Simo: 1.11 in Rawhide.

Simo: No date on release announcement web page. Would be nice for it to be there.

Nathaniel: Small question about OTP-RADIUS

DAL interface

Simo: Thought DAL interface changed, but not much changed; just had to rebuild.

Greg: That's surprising. Code should have to declare version.

Simo: Used exposed macro definition.

Greg: Should probably not expose that, but would need better documentation.

Greg: About 20 years ago, OVsec etc., policy used to be considered specific to kadm5. KDC was not expected to deal with it. Simo's back end doesn't deal with storing password policies...

Simo: 1.10 to 1.11 -- unless I recompile the IPA module, can't work. Would be nice to support both versions.

Greg: New plugin model would support it. DAL has yet to be converted.

Tom: Any objection to mid-cycle changes to make release notes generated out of Sphinx?

[ not really; people just would prefer that stuff not move around too much ]

OTP-RADIUS

Greg: Dmitri wanted strip_realm to default to true. Seems weird to change based on transport. Doc says no tokens at all means act like specific zeroconf synthetic token. This woule have strip_realm=false but the default for a specific token would be true.

Greg: Omit some fields? token types etc? They're in the spec but optional.

Nathaniel: Concerned about release cycle. If we remove, someone would have to wait for more than a year. Red Hat plans to merge early and backport to 1.11.

Nathaniel: default config

Greg: First token becomes default... ordering hasn't been used like that with the profile library before. You have to do stuff with an iterator, etc. instead use a separate relation to indicate the default token.

Nathaniel: zeroconf?

Greg: If non configured, then use zeroconf token.

Storage appliance

Simo: Thread on FreeIPA list about a ... appliance. ZFS etc., from Oracle. To configure, you needed to give it principal and password with kadm5 principal creation privileges. Won't work in FreeIPA.

Will: "storage appliance". Does support joining AD but it's a different configuration path. In the future it could import a keytab.

Retrieved from "https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2012-12-18&oldid=5014"

Release meeting minutes 2012

Navigation menu