Release Meeting Minutes/2012-04-24
Will Fiveash, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Tom Yu
- Git migration in progress. krb5-test repository. Expect some chance of partial/complete rewrite of history if we come across any critical problems (svn merge ticket can cause rebase to choke?). Tentative cutover is weekend of 2012-05-11.
- filter-branch? change parents, or reapply patchset.
- Is it a good idea to avoid filter-branch generally?
- It's easy to make disasters.
Branch office KDCs
- Reducing exposure in case branch office is taken over. Subset of keys? Probably read-only, but not necessarily. User gets TGT from branch office KDC, but talks to service not keyed by branch office KDC. Use different TGT keys, also master key. Main KDC should have all branch office TGT keys.
- Microsoft uses kvno. Try to avoid high bit in kvno for interop reasons.
Greg and Simo discuss some alternatives, including branch office KDC having a protocol for wrapping the TGS-REQ/REP to/from the master on behalf of the client, or possibly acting simply as a packet forwarder.
- For requesting a TGT. Non-branch user wants TGT. Branch KDC can impersonate services to that user.
- Legitimate security concern. Subdomains of control -- minimizing impact of compromise. AD-style cross-realm invented to deal with this.
- Useful to have stable principal names. Also handling multiple realms not so great. Don't want to make clients too smart... they're harder to update.
- IP addresses may need wrappers.
- Plugin for proxy wrapper for talking to master KDC.
- Any plugin interface for this is going to be complex itself.