Difference between revisions of "Release Meeting Minutes/2013-06-11"
From K5Wiki
(New page: {{minutes|2013}} Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu ==Companion daemon== ;Nathaniel: Worst case it drops off face of earth. R...) |
(No difference)
|
Latest revision as of 15:44, 13 June 2013
Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu
Companion daemon
- Nathaniel
- Worst case it drops off face of earth. Reject to client. Should somehow signal client to retry.
- Greg
- RADIUS server might not be a companion daemon.
- Nathaniel
- Local will always give an immediate error. libkrad will attempt to retry.
- Tom
- KDC_ERR_SVC_UNAVAILABLE
- Nathaniel
- Requirement to put sockets in /run (from SELinux)
- Greg
- Open to configure option for /run, maybe try to add autodetect
- Shawn
- More authorization checks for S4U2Self... limit proxy princ deleg for specific clients. [ Probably really need this in S4U2Proxy ]
- Greg
- Write a project page. LDAP back end can check but ignores client principal. [ this would be a new capability ]
- Nico
- Have wanted this too.
Zero-component principals
- Nico
- Question on KITTEN list re zero-length (zero component) principals... want to steal syntax to specify realm alone GSS name type for naming realms. Form would be "@REALMNAME". Heimdal apparently gives you a single-component principal whose content is "@" in that case.
OTP
- Nathaniel
- Greg, have working tests. Forward slash determines file vs (literal) password for secret.
- Greg
- Maybe we can have a default directory.