logo_kerberos.gif

Release Meeting Minutes/2010-02-09

From K5Wiki
< Release Meeting Minutes(Difference between revisions)
Jump to: navigation, search
 
Line 1: Line 1:
  +
{{minutes|2010}}
 
Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman
 
Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman
   

Latest revision as of 18:28, 3 January 2011


Bob Relyea, Thomas Hardjono, Greg Hudson, Zhanna Tsitkova, Tom Yu, Simo Sorce, Will Fiveash, Sam Hartman

Sam has fix for enc_padata issue

remaining 1.8 issues -- bug reports from Likewise; kadmin history; enc_padata; ssh ticket forwarding weirdness

anonymous pkinit doc? -- some stuff, not yet in TeXinfo

Lockout is documented in kadmin policy help strings, not elsewhere yet.

Debian bug for LDAP fd leak.

Debian bug on Firefox performance doing SPNEGO -- Simo says RHAT saw Firefox doing lots of DNS when doing krb auth. Suggestion that we use plugins to talk to browser, OS DNS caching

Will Fiveash
customer wants HW_AUTHENT set when getting tickets with pkinit with smart cards

Discussion re Level of Assurance, etc., whether IETF krb-wg would be willing to standardize such an extension. Probably, but there might be concerns about the U.S.-centric nature of such an extension.

Will Fiveash
pam_krb5 with pkinit. The pkinit plugin is ignoring password argument.

Some debate about how to best deal with this, whether the password argument should be treated as a token PIN, how to avoid having the token lock out if the wrong token-PIN pairing occurs, etc. Sam suggests a generic interface using prompt types, etc.

Personal tools