[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Design Questions for Adding PTserver Support

To: heimdal-discuss@sics.se
Subject: Design Questions for Adding PTserver Support
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Thu, 20 Jan 2005 15:46:46 -0800
Sender: owner-heimdal-discuss@sics.se

I've got some patches to make the kafs lib in Heimdal do the pt server  
exchange to get the right uid for the AFS token.  I'm not satisfied  
that I'm doing the right thing for error handling though.

The default is to use the local Unix uid for the token, but several  
app's seem to use some other information to supply the uid to use.   
ftpd, for example, pulls the uid out of a password file entry.  Is it  
worth hacking on the API in order to preserve these values as backups  
in case the ptserver doesn't respond?  (I'm hoping the answer is no,  
but I think the answer is yes.)

Second issue:  is there an Arla equivalent to pr_Initialize() that does  
the whole parse-the-CellServDB-or-AFSDB-DNS-records-and-use-UBIK  
business?

As long as I'm asking questions:  Anyone know when 0.7 will be  
released?  I'd kind of like to get an "official release" that supports  
AES (and PKINIT if possible).
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Follow-Ups:
- Re: Design Questions for Adding PTserver Support
  - From: Love <lha@stacken.kth.se>

Prev by Date: kinit fails against W2k3 server
Next by Date: Way to convert from heimdal principal database to standard Kerberos?
Prev by thread: Re: kinit fails against W2k3 server
Next by thread: Re: Design Questions for Adding PTserver Support
Index(es):
- Date
- Thread