Difference between revisions of "Release Meeting Minutes/2010-11-23"
From K5Wiki
(New page: Greg Hudson, Thomas Hardjono, Tom Yu, Zhanna Tsitkova, Simo Sorce, Sam Hartman anon-pkinit issue. ;Greg: start new conversation on krb-wg about authorization issue, e.g. whether KDC poli...) |
|||
Line 1: | Line 1: | ||
+ | {{minutes|2010}} |
||
Greg Hudson, Thomas Hardjono, Tom Yu, Zhanna Tsitkova, Simo Sorce, Sam Hartman |
Greg Hudson, Thomas Hardjono, Tom Yu, Zhanna Tsitkova, Simo Sorce, Sam Hartman |
||
Latest revision as of 18:19, 3 January 2011
Greg Hudson, Thomas Hardjono, Tom Yu, Zhanna Tsitkova, Simo Sorce, Sam Hartman
anon-pkinit issue.
- Greg
- start new conversation on krb-wg about authorization issue, e.g. whether KDC policy can restrict what tickets it issues -- already exists for things like requires_preauth
- Simo
- service can allow all principals, including cross-realm
- Greg
- add text excepting anonymous from standard ticket issuance/authorization model [ look whether anonymous creation of host principals really makes sense where a site tightly controls what principals exist because some services accept any authentication as authorization ]
- Greg
- new proposal: knob to allow local TGS only with anon client, to ease deployment of FAST