more ldap concerns
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Jun 2 17:18:45 EDT 2006
On Friday, June 02, 2006 04:13:22 PM -0500 Will Fiveash
<William.Fiveash at sun.com> wrote:
> The way the k*.conf enctype parameters work now is that if they are not
> set in the k*.conf file
... which, for supported enctypes, should almost always be the case...
> then the code uses an internal version of the
> enctype parameter to determine what enctypes to use. This is good
> because if the code is updated to support new enctypes, the k*.conf
> files do not have to change. If you are specifying these parameters in
> various objects in the directory by default you are limiting the krb
> code and possibly creating more work for the admin. I don't think the
> enctype parameters should be instantiated by default, only if the admin
> specifies the parameter settings via the command line.
I question the utility of setting these parameters in the directory at all.
KDC configuration is not directory information.
-- Jeff
More information about the krbdev
mailing list