<p>Release Meeting Minutes/2013-06-11 (k5wiki.kerberos.org), page created by TomYu, 2013-06-13T20:44:53Z</p>
<p><b>New page</b></p><div>{{minutes|2013}}<br />
<br />
Shawn Emery, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Zhanna Tsitkov, Nico Williams, Tom Yu<br />
<br />
==Companion daemon==<br />
<br />
;Nathaniel: Worst case it drops off face of earth. Reject to client. Should somehow signal client to retry.<br />
<br />
;Greg: RADIUS server might not be a companion daemon.<br />
<br />
;Nathaniel: Local will always give an immediate error. libkrad will attempt to retry.<br />
<br />
;Tom: KDC_ERR_SVC_UNAVAILABLE<br />
<br />
;Nathaniel: Requirement to put sockets in /run (from SELinux)<br />
<br />
;Greg: Open to configure option for /run, maybe try to add autodetect<br />
<br />
;Shawn: More authorization checks for S4U2Self... limit proxy princ deleg for specific clients. [ Probably really need this in S4U2Proxy ]<br />
<br />
;Greg: Write a project page. LDAP back end can check but ignores client principal. [ this would be a new capability ]<br />
<br />
;Nico: Have wanted this too.<br />
<br />
==Zero-component principals==<br />
<br />
;Nico: Question on KITTEN list re zero-length (zero component) principals... want to steal syntax to specify realm alone GSS name type for naming realms. Form would be "@REALMNAME". Heimdal apparently gives you a single-component principal whose content is "@" in that case.<br />
<br />
==OTP==<br />
<br />
;Nathaniel: Greg, have working tests. Forward slash determines file vs (literal) password for secret.<br />
<br />
;Greg: Maybe we can have a default directory.</div>