logo_kerberos.gif

Release Meeting Minutes/2011-11-01

From K5Wiki
< Release Meeting Minutes
Revision as of 12:06, 3 November 2011 by TomYu (talk | contribs) (New page: {{minutes|2011}} Jozsef Doczi, Will Fiveash, Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu ==GSS proxy== ;Simo: Updates about GSS proxy. ;Simo: At conference, lots of...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


Jozsef Doczi, Will Fiveash, Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu

GSS proxy

Simo
Updates about GSS proxy.
Simo
At conference, lots of people have some problems that could use GSS proxy. Linux-NFS, Solaris. gssd. Linux-NFS wants to clean up its gssd interfaces. Multiple apps that have to share the same keytab; people want to isolate them from using the key directly. Maybe ssh-agent-like: proxy all the way back to the original client. Agreeing on protocol would make things easier.
Tom
Solaris gssd?
Simo
Solaris version of gssd is more advanced. Trying to organize some conference calls.
Simo
Nico is also interested. Only way to use same protocol everywhere is to use rpcgen etc.
Tom
Rather not adopt an intermediate TIRPC (e.g. Linux-NFS version). The one in Solaris might have better async and thread support.
Simo
Trying to do sooner rather than later. Also discuss with Nico how/where to hack things into mechglue.

Interop followup

Simo
Glad Greg found the AES preauth thing.
Greg
Uncovered some interop issues and straight-up bugs.
Will
Found a couple of issues...
Tom
Diffie-Hellman pkinit interop issue.
Will
When tracking interop-related bugs, maybe label as interop issues in RT.
Simo
International hostnames in principals?
Greg
No obvious answer. e.g., what does IE do w.r.t. host lookups in DNS? vs in SSPI? Your resources for experiments are probably better.
Simo
Will ask around.

krb5-1.10

Tom
Have branch, alpha snapshot...