[Kdc-info] prelim draft of kdc information model

[Sam Hartman]

>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:

    Jeffrey> On Mon, 14 Jul 2003, Sam Hartman wrote:
    >> 2) Don't I want to be able to configure the enctypes and
    >> salttypes that future password changes will use per principal
    >> as well?

    Jeffrey> Yes, you probably do.  This saves the user or
    Jeffrey> administrator from having to explicitly specify a list of
    Jeffrey> enctypes each time the password is changed.  This is
    Jeffrey> particularly important with regard to service principals,
    Jeffrey> where the set of enctypes for which there are keys in the
    Jeffrey> KDC must match that supported by the server software.

I'd actually argue that it is particularly unimportant for server
software, where in an ideal world the application server's library
will rekey to only those keys it supports guaranteeing this match.