Release Meeting Minutes/2011-11-01

Jozsef Doczi, Will Fiveash, Thomas Hardjono, Greg Hudson, Simo Sorce, Zhanna Tsitkova, Tom Yu

GSS proxy

Simo: Updates about GSS proxy.
Simo: At conference, lots of people have some problems that could use GSS proxy. Linux-NFS, Solaris. gssd. Linux-NFS wants to clean up its gssd interfaces. Multiple apps that have to share the same keytab; people want to isolate them from using the key directly. Maybe ssh-agent-like: proxy all the way back to the original client. Agreeing on protocol would make things easier.
Tom: Solaris gssd?
Simo: Solaris version of gssd is more advanced. Trying to organize some conference calls.
Simo: Nico is also interested. Only way to use same protocol everywhere is to use rpcgen etc.
Tom: Rather not adopt an intermediate TIRPC (e.g. Linux-NFS version). The one in Solaris might have better async and thread support.
Simo: Trying to do sooner rather than later. Also discuss with Nico how/where to hack things into mechglue.

Simo: Glad Greg found the AES preauth thing.
Greg: Uncovered some interop issues and straight-up bugs.
Will: Found a couple of issues...
Tom: Diffie-Hellman pkinit interop issue.
Will: When tracking interop-related bugs, maybe label as interop issues in RT.
Simo: International hostnames in principals?
Greg: No obvious answer. e.g., what does IE do w.r.t. host lookups in DNS? vs in SSPI? Your resources for experiments are probably better.
Simo: Will ask around.