Re: heimdal 0.1d patches: verbose hprop -K, kaserver switch, keytab fallback

"Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> writes:
> Okay, as promised, here are some patches against 0.1d.
> * hprop -K (kaserver.DB0 conversion) reports the failing principal in failed
>   conversions.  (My original patches also reported every principal being
>   dumped, but I decided I didn't need that any more; 0.0u didn't report
>   failing principals at all, just the fact that the conversion failed.)

Ok, I've added your patch.

> * If KASERVER is defined (--enable-kaserver configure flag), kdc accepts a
>   new flag -K / --enable-kaserver (and corresponding krb5.conf option).
>   (Note that this defaults off, instead of on as in an unpatched kdc.)
>   The main reason for this option is so that heimdal's KDC can be run in
>   parallel with an existing kaserver in order to transfer the kaserver.DB0
>   before shutting down the kaserver and bringing up kdc as a kaserver.

I've added that patch as well.  The only thing I'm not sure about is
what should be the default if you build your kdc with kaserver
support.  Changing it to be disabled by default sounds like a silent
change in functionality, and I'm not sure what people that actually
use the kaserver want to have.

> * 0.1d uses only the first enctype in the list of default enctypes (this is
>   des3-cbc-sha1 by default) to attempt to match keytab entries.  This patch
>   causes it to iterate over the list of default enctypes instead.


Thanks again for your patches.