Turning off hostname canonicalisation
Donn Cave
donn at u.washington.edu
Wed Sep 14 12:21:36 EDT 2005
On Sep 13, 2005, at 7:50 AM, Ken Hornstein wrote:
>> Today, applications have their own configuration files. That is
>> where
>> their Kerberos configuration information should be stored.
>>
>
> My only comment: the applications I distribute today on Unix systems
> to users don't have their own configuration files, and I don't see a
> practical alternative to [appdefaults].
Could be more or less inevitable, given the currently
popular layered authentication model - application uses
SASL, which uses GSSAPI, which uses Kerberos 5, and each
layer strives to keep the application as much in the
dark as possible about what it's doing.
Of course the layers aren't completely waterproof in practice,
but in principle application developers would be led to
think that Kerberos configuration is sort of not their business.
Donn Cave, donn at u.washington.edu
More information about the krbdev
mailing list