krb5-sync 1.2 released

Russ Allbery rra at stanford.edu
Wed May 28 16:47:18 EDT 2008


Matthew Andrews <matt at slackers.net> writes:

> has anyone attempted to use the patch included in this with newer MIT
> kerberos releases? I'm particularly interested in 1.6.1 with RHEL5
> patches, but if someone has tried this with a similar vintage krb5 I'd
> expect it to be helpful.

I personally haven't looked at it at all.  I'm not sure when I'll get a
chance to do so; we're fairly happy with 1.4, and haven't yet seen a lot
of reason to upgrade to 1.6 (and have seen some issues with 1.6 around
changes related to referrals that make us want to carefully plan
upgrades).  I expect we'll upgrade to 1.6 as part of upgrading our KDCs
from etch to lenny, sometime after the Debian lenny release.

The long-term goal is to add a plugin system to MIT kadmind using the new
plugin support code in 1.6 and later, allowing krb5-sync to just provide a
plugin and not provide a patch.  I put together a proposal for this, but
it has a bunch of unanswered questions and I haven't had time to work on
it further.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list