Difference between revisions of "Release Meeting Minutes/2010-02-09"
(New page: Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman Sam has fix for enc_padata issue remaining 1.8 issues -- bug reports from Likewis...) |
|||
| Line 11: | Line 11: | ||
Debian bug for LDAP fd leak. |
Debian bug for LDAP fd leak. |
||
| − | ... |
||
| + | Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching |
||
| + | |||
| + | ;Will Fiveash: customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards |
||
| + | |||
| + | Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension. |
||
| + | |||
| + | ;Will Fiveash: pam_krb5 with pkinit. The pkinit plugin is ignoring password argument. |
||
| + | |||
| + | Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc. |
||
Revision as of 17:02, 9 February 2010
Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman
Sam has fix for enc_padata issue
remaining 1.8 issues -- bug reports from Likewise; kadmin history; enc_padata; ssh ticket forwarding weirdness
anonymous pkinit doc? -- some stuff, not yet in TeXinfo
Lockout is documented in kadmin policy help strings, not elsewhere yet.
Debian bug for LDAP fd leak.
Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching
- Will Fiveash
- customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards
Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension.
- Will Fiveash
- pam_krb5 with pkinit. The pkinit plugin is ignoring password argument.
Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc.
