logo_kerberos.gif

Release Meeting Minutes/2013-07-09

From K5Wiki
Jump to: navigation, search


Will Fiveash, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Tom Yu

Greg
(to Nathaniel) think we're done. Maybe one more thing.

Simo proposes negative cache for service principals in GSS.

Ben
There's a long 30-second timeout on ssh if the target doesn't support GSS.
Greg
It was making ~120 queries. Domain walk. Multiple KDC lookups etc.
Simo
Firefox falls back on NTLM. Each img does a new GSS attempt. Long timeouts.

Maybe negative cache should have a short timeout? a few seconds?

Greg
Not more than 5 seconds.
Greg
Probably won't be able to do this in time for 1.12.
Simo
Red Hat might be interested in process-backed ccache.

Some discussion about strategies -- doors, dbus, etc. Some challenges with things like sudo.

Simo
Might find someone at Red Hat to do it.
Simo
GSS/NTLM. Can't use MIT crypto; used OpenSSL instead. Not exported. No Unicode support.
Zhanna
Why OpenSSL and not NSS?
Simo
Needed MD4.