TomYu: New page: {{minutes|2013}} Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu ==Companion daemon== ;Nathaniel: Worst case it drops off face of earth. R...

2013-06-13T20:44:53Z

New page: {{minutes|2013}} Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu ==Companion daemon== ;Nathaniel: Worst case it drops off face of earth. R...

New page

{{minutes|2013}}

Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu

==Companion daemon==

;Nathaniel: Worst case it drops off face of earth. Reject to client. Should somehow signal client to retry.

;Greg: RADIUS server might not be a companion daemon.

;Nathaniel: Local will always give an immediate error. libkrad will attempt to retry.

;Tom: KDC_ERR_SVC_UNAVAILABLE

;Nathaniel: Requirement to put sockets in /run (from SELinux)

;Greg: Open to configure option for /run, maybe try to add autodetect

;Shawn: More authorization checks for S4U2Self... limit proxy princ deleg for specific clients. [ Probably really need this in S4U2Proxy ]

;Greg: Write a project page. LDAP back end can check but ignores client principal. [ this would be a new capability ]

;Nico: Have wanted this too.

==Zero-component principals==

;Nico: Question on KITTEN list re zero-length (zero component) principals... want to steal syntax to specify realm alone GSS name type for naming realms. Form would be "@REALMNAME". Heimdal apparently gives you a single-component principal whose content is "@" in that case.

==OTP==

;Nathaniel: Greg, have working tests. Forward slash determines file vs (literal) password for secret.

;Greg: Maybe we can have a default directory.

Release Meeting Minutes/2013-06-11 - Revision history

TomYu: New page: {{minutes|2013}} Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu ==Companion daemon== ;Nathaniel: Worst case it drops off face of earth. R...