Release Meeting Minutes/2010-11-23

From K5Wiki

< Release Meeting Minutes

Revision as of 12:30, 30 November 2010 by TomYu (talk | contribs) (New page: Greg Hudson, Thomas Hardjono, Tom Yu, Zhanna Tsitkova, Simo Sorce, Sam Hartman anon-pkinit issue. ;Greg: start new conversation on krb-wg about authorization issue, e.g. whether KDC poli...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Greg Hudson, Thomas Hardjono, Tom Yu, Zhanna Tsitkova, Simo Sorce, Sam Hartman

anon-pkinit issue.

Greg: start new conversation on krb-wg about authorization issue, e.g. whether KDC policy can restrict what tickets it issues -- already exists for things like requires_preauth

Tom: RFC 1510, RFC 4120 say to not use ticket issuance as authorization.

Simo: service can allow all principals, including cross-realm

Greg: add text excepting anonymous from standard ticket issuance/authorization model [ look whether anonymous creation of host principals really makes sense where a site tightly controls what principals exist because some services accept any authentication as authorization ]

Greg: new proposal: knob to allow local TGS only with anon client, to ease deployment of FAST

Retrieved from "https://k5wiki.kerberos.org/wiki?title=Release_Meeting_Minutes/2010-11-23&oldid=3685"

Navigation menu