New "feature" for Kerberos?
donn at u.washington.edu
Tue Nov 12 13:44:00 EST 2002
Quoth John Hascall <john at iastate.edu>:
| Random thoughts:
| + Obviously, this requires the REQUIRES_PRE_AUTH attribute,
| and ./configure --with-kdc-kdb-update
That has been the kicker when anything has come up around here involving
attempt histories. Everyone likes the idea that the KDC database mostly
reads and rarely writes, and no one wants to turn that around.
And then we have multiple KDCs, which would have to be taken into account.
It's like the solution we'd want is some kind of auxiliary database, that
the KDCs would talk to across the network on a secondary priority basis.
Which we already have, actually: syslog. Of course syslog isn't the
database you need all by itself, but the data is all there.
Donn Cave, donn at u.washington.edu
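
An added example, not part of the original message or of the krb5 code base: one way to treat syslog collected from several KDCs as the attempt history discussed above, counting pre-authentication failures per principal across all KDCs without any KDC database write. The log lines are constructed, their layout is an assumption modelled on krb5kdc AS_REQ syslog lines, and `failed_preauth_bursts` is a hypothetical name.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: syslog from two KDCs gathered on one log host.
# The line layout is an assumption modelled on krb5kdc AS_REQ log lines.
SAMPLE_LOG = """\
Nov 12 13:40:01 kdc1 krb5kdc[411](info): AS_REQ (1 etypes {16}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Decrypt integrity check failed
Nov 12 13:40:20 kdc2 krb5kdc[502](info): AS_REQ (1 etypes {16}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Decrypt integrity check failed
Nov 12 13:41:05 kdc1 krb5kdc[411](info): AS_REQ (1 etypes {16}) 192.0.2.22: PREAUTH_FAILED: bob@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Decrypt integrity check failed
Nov 12 13:41:30 kdc1 krb5kdc[411](info): AS_REQ (1 etypes {16}) 192.0.2.10: PREAUTH_FAILED: alice@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Decrypt integrity check failed
Nov 12 13:42:00 kdc2 krb5kdc[502](info): AS_REQ (1 etypes {16}) 192.0.2.22: ISSUE: authtime 1037137320, etypes {rep=16 tkt=16 ses=16}, bob@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU
Nov 12 13:42:10 kdc2 krb5kdc[502](info): AS_REQ (1 etypes {16}) 192.0.2.22: PREAUTH_FAILED: bob@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Decrypt integrity check failed
Nov 12 13:42:40 kdc1 krb5kdc[411](info): AS_REQ (1 etypes {16}) 192.0.2.22: PREAUTH_FAILED: bob@EXAMPLE.EDU for krbtgt/EXAMPLE.EDU@EXAMPLE.EDU, Decrypt integrity check failed
"""

# timestamp, reporting KDC host, request status, client principal
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<kdc>\S+) krb5kdc\[\d+\]\(\w+\): "
    r"AS_REQ .*?: (?P<status>[A-Z_]+): (?:.*, )?(?P<princ>\S+) for ")

def failed_preauth_bursts(log_text, threshold=3,
                          window=timedelta(minutes=5), year=2002):
    """Map each principal that reached `threshold` failures inside `window`,
    summed over every KDC, to the sorted list of KDCs that saw them.
    Assumes lines arrive in time order; syslog omits the year, so one is given."""
    recent = defaultdict(deque)   # principal -> deque of (time, kdc) failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not an AS_REQ line in the assumed layout
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        hist = recent[m["princ"]]
        if m["status"] == "ISSUE":
            hist.clear()          # a successful login resets the history
        elif m["status"] == "PREAUTH_FAILED":
            hist.append((when, m["kdc"]))
            while when - hist[0][0] > window:
                hist.popleft()    # drop failures older than the window
            if len(hist) >= threshold:
                flagged[m["princ"]] = sorted({k for _, k in hist})
    return flagged

if __name__ == "__main__":
    print(failed_preauth_bursts(SAMPLE_LOG))
```

In the sample, no single KDC logs three failures for alice; the burst only shows up once both hosts' lines are counted together.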