Release Meeting Minutes/2010-02-09

Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman

Sam has fix for enc_padata issue

remaining 1.8 issues -- bug reports from Likewise; kadmin history; enc_padata; ssh ticket forwarding weirdness

anonymous pkinit doc? -- some stuff, not yet in TeXinfo

Lockout is documented in kadmin policy help strings, not elsewhere yet.

Debian bug for LDAP fd leak.

Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching

Will Fiveash
customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards

Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension.

Will Fiveash
pam_krb5 with pkinit. The pkinit plugin is ignoring password argument.

Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc.