Difference between revisions of "Release Meeting Minutes/2013-01-29"
From K5Wiki
(New page: {{minutes|2013}} David Benjamin, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu Tom is having trouble with kadmin/$host again in tests/dejagnu. ;Simo: getaddrinfo fails? ;S...) |
(No difference)
|
Latest revision as of 16:14, 30 January 2013
David Benjamin, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu
Tom is having trouble with kadmin/$host again in tests/dejagnu.
- Simo
- getaddrinfo fails?
- Simo
- Python krb5 wrappers. Quite bad. get_cc_name with DIR ccache causes problems. Might see more complaints from people who assume ccaches are always FILE ccaches.
- Tom
- Can we do anything other than education to try to help?
- Simo
- Only reason to get file path is to copy file etc.
- Greg
- KDC name types -- prefer to make "is_referral" correctly flag referral, but that would clear forwardable flag on returned ticket for direct cross-realm unless ok-as-delegate flag set on principal, but only for S4U2Self.
- Ben
- Remove compile-time DNS lookup conditionals (ifdefs).
- Greg
- ifdefs needed for non-WSHelper builds on Windows. ... probably OK [ we bundle WSHelper now on Windows ]
- Simo
- Cross-realm using S4U2Proxy? Auth_signticket?
- Greg
- Probably work with target realm [ allowed-to-delegate-to in LDAP backend ] intermediate and target not in same realm. Microsoft didn't originally allow this. They later added deleg-from attribute.
- Tom
- Two possible ways: (1) intermediate service gets cross-realm TGT for itself, then does S4U2Proxy against target realm. (2) intermediate service does S4U2Proxy against its own realm, then does normal cross-realm while impersonating the client.
Some talk about The Plan (RDNS problems).
- Greg
- We should more strongly recommend that people set "rdns=false".