Release Meeting Minutes/2013-01-29
David Benjamin, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu
Tom is having trouble with kadmin/$host again in tests/dejagnu.
- getaddrinfo fails?
- Python krb5 wrappers. Quite bad. get_cc_name with DIR ccache causes problems. Might see more complaints from people who assume ccaches are always FILE ccaches.
- Can we do anything other than education to try to help?
- Only reason to get file path is to copy file etc.
- KDC name types -- prefer to make "is_referral" correctly flag referral, but that would clear forwardable flag on returned ticket for direct cross-realm unless ok-as-delegate flag set on principal, but only for S4U2Self.
- Remove compile-time DNS lookup conditionals (ifdefs).
- ifdefs needed for non-WSHelper builds on Windows. ... probably OK [ we bundle WSHelper now on Windows ]
- Cross-realm using S4U2Proxy? Auth_signticket?
- Probably work with target realm [ allowed-to-delegate-to in LDAP backend ] intermediate and target not in same realm. Microsoft didn't originally allow this. They later added deleg-from attribute.
- Two possible ways: (1) intermediate service gets cross-realm TGT for itself, then does S4U2Proxy against target realm. (2) intermediate service does S4U2Proxy against its own realm, then does normal cross-realm while impersonating the client.
Some talk about The Plan (RDNS problems).
- We should more strongly recommend that people set "rdns=false".