Release Meeting Minutes/2010-02-09
Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman
Sam has fix for enc_padata issue
remaining 1.8 issues -- bug reports from Likewise; kadmin history; enc_padata; ssh ticket forwarding weirdness
anonymous pkinit doc? -- some stuff, not yet in TeXinfo
Lockout is documented in kadmin policy help strings, not elsewhere yet.
Debian bug for LDAP fd leak.
Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching
- Will Fiveash
- customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards
Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension.
- Will Fiveash
- pam_krb5 with pkinit. The pkinit plugin is ignoring password argument.
Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc.