[krbdev.mit.edu #1190] sane defaults for configuration files

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Sat May 31 00:16:35 EDT 2003


I think I've got it mostly covered now, enough to pull up changes:

    Defaults Discussion:
    - Remove all enctype related items

Done.

    - add examples for the kdc logging

Done (commented out, or we'd probably break our own testing).

    - Remove explicit configs for all but one realm. Thus move to DNS (for
    example realm that supports it) and leave one example that explicitly
    sets them

This meant just the "kdc =" configuration, right?  Not removing all
configuration info for all but one realm?  Done, though I swapped out
CLUB.CC.CMU.EDU for ANDREW.CMU.EDU (data from Athena's krb5.conf),
which has SRV records, so we can omit the "kdc =" bits and still be
accurate.

    - Drop Cygnus.com

Done.

    Changes to in code defaults:
    - kdctimesyncflag to 1 on all platforms
    - default ccache type to 4
    - kdc default master key type will be 3DES

Done.  Updated texinfo docs.  Defaults not in man pages.

    - Remove AES 256

Done a couple weeks ago.

    - Max life change to 24 hours (one day)

Done, in client library code, and kadmin principal registration
defaults.  Updated texinfo docs.  Defaults not in man pages.  (The
kinit man page actually lies, and says the default is configured by
site.  It's compiled in, the libdefaults entry isn't used.)

    - Max renewable change to one week.

The macro for max renewable life was already set this way, but wasn't
being used properly.  Kadmin defaults to 0, not changed.  Updated
texinfo docs.

    - file a bug to Remove kdc_supported_enctypes (this may involve code
    so need to investigate)

Ignoring this for now.  Someone who can summon more context than I can
at the moment (like, why it's been decided that it definitely needs
removing, and whether we care about the functionality) can file it...

Ken

