rpcsec_gss, kadmind service principal, etc.

Sam Hartman hartmans at MIT.EDU
Wed Dec 11 15:02:01 EST 2002

Hi.  We discussed your concerns about kadmin/admin vs kadmin/fqdn at
today's group meeting.

We failed to come to a consensus to disagree with your proposed
action--that is, various things made us feel uncomfortable about the
changes, but uncomfortable isn't strong enough to actually object.

As such, using the Sun behavior seems reasonable.  This will cause us
to lose the ability for expired passwords to be changed using the RPC
based protocol, but that seems acceptable.

We believe we can work around kadmin/fqdn for multi-master sites if we
ever get there.

You can probably modify the unit tests to call clients/kpasswd instead
of kadmin/kpasswd.

More information about the krbdev mailing list