logo_kerberos.gif

Difference between revisions of "Release Meeting Minutes/2010-02-09"

From K5Wiki
Jump to: navigation, search
(New page: Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman Sam has fix for enc_padata issue remaining 1.8 issues -- bug reports from Likewis...)
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
  +
{{minutes|2010}}
 
Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman
 
Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman
   
Line 11: Line 12:
 
Debian bug for LDAP fd leak.
 
Debian bug for LDAP fd leak.
   
...
 
  +
Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching
  +
  +
;Will Fiveash: customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards
  +
  +
Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension.
  +
  +
;Will Fiveash: pam_krb5 with pkinit. The pkinit plugin is ignoring password argument.
  +
  +
Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc.

Latest revision as of 18:28, 3 January 2011


Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman

Sam has fix for enc_padata issue

remaining 1.8 issues -- bug reports from Likewise; kadmin history; enc_padata; ssh ticket forwarding weirdness

anonymous pkinit doc? -- some stuff, not yet in TeXinfo

Lockout is documented in kadmin policy help strings, not elsewhere yet.

Debian bug for LDAP fd leak.

Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching

Will Fiveash
customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards

Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension.

Will Fiveash
pam_krb5 with pkinit. The pkinit plugin is ignoring password argument.

Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc.