[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Turning off hostname canonicalisation

>Ken has choosen to treat the krb5.conf file as the configuration file
>for applications he bundles with Kerberos.   The choice of options that
>he uses are a site local issue provided that they do not conflict with
>the namespace used by the Kerberos libraries.   I believe that all we
>need to do is document (whenever we get around to documenting anything)
>that [appdefault] is an unmanaged name space that does not impact the
>behavior of the Kerberos libraries when used by applications.

That's fine with me.  I've explicitly tried not to put anything in
[appdefaults] that affects the behavior of the Kerberos library (in
fact, I am pretty sure that nothing that I have in krb5.conf affects
the behavior of the Kerberos library).  I used to use some stuff that
would change default ticket lifetimes, but even that code wasn't parsed
by the Kerberos library, but instead by programs like kinit.