Release Meeting Minutes/2015-03-10
From K5Wiki
Rob Campanella, Thomas Hardjono, Greg Hudson, Ben Kaduk, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkov, Nico Williams, Tom Yu
Larger key versions
See Projects/Larger key versions.
- Greg
- kvno -- thought it would be simple, but turned out harder. 8-bit in keytab and kadm5 protocol, but 16-bit in KDB. kvno 0 is a special case in the DBE stuff, and ASN.1 encoders omit it.
- Nico
- Your proposal seems OK. Please record keyset creation time.
Some discussion; such metadata are already being considered for some KDB data model renormalization.
Solaris 10 segfault
When explicit normal salt is sent to a Solaris 10 client in PA-ETYPE-INFO2, the client can segfault.
- Greg
- Introduced in 1.7 but not effective until 1.11, due to some code masking the change.
gss_acquire_cred_with_password
- Greg
- In the Luke Howard implementation, creds get stored to memory ccache. Made change to use default cache. Heimdal matches MIT.
Nico explains that Solaris had the same semantics as Luke originally implemented; existing MIT and Heimdal behavior is incompatible. Discussion about what constitutes a reasonable side effect in GSSAPI.
Nico wants acq_cred_with_password to have the same behavior as with delegated creds.
KDC discovery
- Nathaniel
- Please give feedback on the KDC service discovery draft in KITTEN.