Upcoming KfW 3.x ??
Jeff Blaine
jblaine at kickflop.net
Thu Jan 7 14:38:35 EST 2010
>> I'd love to be a tester, but unfortunately I need to run the
>> version our users have in order to troubleshoot things.
> Without being a tester, you won't be able to ensure that the next
> release works
> the way you want it to in your environment. Unless you are providing
> funding or
> some in-kind assistance in the development, why should I spend my time
> answering
> your e-mails when you have trouble?
I guess you shouldn't (?)
Perhaps you could explain Secure Endpoints' role in KFW
development? Last I heard from a link on your website,
MIT was hiring a full-time developer for KFW. Did that
not happen?
If I install NIMv2 and report in detail on what I find in
our environment, does that give me credits to use?
>> Aside, is there a reason for the 2-step credential obtaining
>> process where the account is 'checked' then one is given a
>> password text entry field? It's clunky to interact with.
> In NIM v1.x the account's existence is verified before prompting for a
> password in
> order to protect against users that typo the username or realm and
> created an
> identity in the database that in fact does not exist.
>
> In NIM v2, identities are created by a wizard that walks the user
> through the
> configuration of all applicable credential providers. After the
> identity is created
> the user simply selects one of the pre-configured ones instead of manually
> typing the username and realm each time. This change is both to
> improve usability
> but also to permit NIM v2 to be used with X.509 and Keystore identities in
> addition to Kerberos v5.
Great.
>> Another aside, what release will have krb4 cred obtaining
>> disabled by default?
>
> Any release you want. As I have said before, you can use a transform to
> configure
> the MSI installer to disable Kerberos v4. You can do this today
I am asking when the decision might be made to turn it off by
default in the master distribution, of course. I already saw
and read your previous response.
More information about the Kerberos
mailing list