more ldap concerns

Sam Hartman hartmans at MIT.EDU
Sun Jun 4 12:21:39 EDT 2006


>>>>> "Jeffrey" == Jeffrey Hutzelman <jhutz at cmu.edu> writes:


    Jeffrey> I question the utility of setting these parameters in the
    Jeffrey> directory at all.  KDC configuration is not directory
    Jeffrey> information.

    Jeffrey> -- Jeff


We believe that setting per-realm configuration in the directory is
entirely reasonable, as, unlike the KDC configuration files, the database
will be replicated.


I'm not sure what I think of the argument about whether this should be
set by default.

I tend to agree that supporting automatic upgrade of enctypes as new
code is deployed would be nice.  However, having enctypes supported by
default that are not on the krbtgt principal is not all that useful.

--Sam


