Difference between revisions of "Release Meeting Minutes/2012-02-14"
From K5Wiki
(New page: {{minutes|2012}} Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu == DLL Hell == ;Greg: Use -Bgroup or RTLD_DEEPBIND on L...) |
(No difference)
|
Latest revision as of 15:31, 20 February 2012
Will Fiveash, Carlos Garay, Thomas Hardjono, Greg Hudson, Nathaniel McCallum, Simo Sorce, Zhanna Tsitkova, Tom Yu
DLL Hell
- Greg
- Use -Bgroup or RTLD_DEEPBIND on Linux
- Will
- sshd on Solaris links gss but dlopens krb5. no RTLD_GROUP in libpam source on Solaris.
- Greg
- RTLD_GROUP is unfriendly to module developers; they have to do extra work.
- Tom
- Could try making glibc devs fix it.
- Simo
- SSSD only depends on libc. Pipes to other stuff.
- Tom
- Document this mess?
- Greg
- Maybe on the wiki.
- Tom
- Could clean up my minimal test case to demo problem.
- Will
- Where is RTLD_GROUP checked?
- Tom
- If dlfcn.h has it, we assume it works.
krb5-1.11 planning
- Greg
- Preauth sets? No existing plan for 1.11. 3 pieces:
- FAST cookies
- Flexible KDC configuration for preauth requirements per principal
- Actual preauth sets
- Greg
- OTP uses the armor key as reply key. In some ways this is weaker than SAM2 with password.
- Nathaniel
- collect-pin / do-not-collect-pin / separate-pin-required. Separate means 2 prompts. Insert into otp-pin / otp-value fields. collect-pin -- PIN will always be part of key generation. Think PIN should always be included.