Release Meeting Minutes/2013-02-12
From K5Wiki
< Release Meeting Minutes
Revision as of 13:17, 13 February 2013 by TomYu (talk | contribs) (New page: {{minutes|2013}} David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu ;Greg: Started work on auth_to_local interface. Want to fix some existing beha...)
David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu
- Greg
- Started work on auth_to_local interface. Want to fix some existing behavior. Can't distinguish different realms. Also a problem when using regex-based rules.
- Greg
- Probably will leave things alone in case someone depends on it, and document behavior.
- Tom
- git.mit.edu firewalled from off-campus soon.
Some discussion about CAMMAC. What purpose does a KDC MAC serve? Detached verification? Some people (Sam?) are skeptical about detached verification. Do we want something like ad-signedpath? What bits to sign?
- Tom
- S4U2Proxy -- CAMMAC as it currently exists is probably good enough to allow supporting it in the future. (e.g., could define a new authorization data type that MACs most of the content of the ticket, and put that in the CAMMAC.) So what is the minimum binding component?
- Simo
- cname, authtime, endtime -- to support detached verification.
- Tom
- Do you actually need detached verification?
- Simo
- Can probably use GSS proxy, but would like the option if needed in the future.
- Tom
- Will get text to you later this week.