logo_kerberos.gif

Release Meeting Minutes/2013-01-29

From K5Wiki
< Release Meeting Minutes
Revision as of 17:14, 30 January 2013 by TomYu (talk | contribs) (New page: {{minutes|2013}} David Benjamin, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu Tom is having trouble with kadmin/$host again in tests/dejagnu. ;Simo: getaddrinfo fails? ;S...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


David Benjamin, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu

Tom is having trouble with kadmin/$host again in tests/dejagnu.

Simo
getaddrinfo fails?
Simo
Python krb5 wrappers. Quite bad. get_cc_name with DIR ccache causes problems. Might see more complaints from people who assume ccaches are always FILE ccaches.
Tom
Can we do anything other than education to try to help?
Simo
Only reason to get file path is to copy file etc.
Greg
KDC name types -- prefer to make "is_referral" correctly flag referral, but that would clear forwardable flag on returned ticket for direct cross-realm unless ok-as-delegate flag set on principal, but only for S4U2Self.
Ben
Remove compile-time DNS lookup conditionals (ifdefs).
Greg
ifdefs needed for non-WSHelper builds on Windows. ... probably OK [ we bundle WSHelper now on Windows ]
Simo
Cross-realm using S4U2Proxy? Auth_signticket?
Greg
Probably work with target realm [ allowed-to-delegate-to in LDAP backend ] intermediate and target not in same realm. Microsoft didn't originally allow this. They later added deleg-from attribute.
Tom
Two possible ways: (1) intermediate service gets cross-realm TGT for itself, then does S4U2Proxy against target realm. (2) intermediate service does S4U2Proxy against its own realm, then does normal cross-realm while impersonating the client.

Some talk about The Plan (RDNS problems).

Greg
We should more strongly recommend that people set "rdns=false".