more ldap concerns
Will Fiveash
William.Fiveash at sun.com
Mon Jun 5 17:51:10 EDT 2006
On Fri, Jun 02, 2006 at 06:28:19PM -0400, Ken Raeburn wrote:
> On Jun 2, 2006, at 17:18, Jeffrey Hutzelman wrote:
> >> then the code uses an internal version of the
> >>enctype parameter to determine what enctypes to use. This is good
> >>because if the code is updated to support new enctypes, the k*.conf
> >>files do not have to change. If you are specifying these
> >>parameters in
> >>various objects in the directory by default you are limiting the krb
> >>code and possibly creating more work for the admin. I don't think
> >>the
> >>enctype parameters should be instantiated by default, only if the
> >>admin
> >>specifies the parameter settings via the command line.
> >
> >I question the utility of setting these parameters in the directory
> >at all.
> >KDC configuration is not directory information.
>
> Things like this would presumably be per-realm configuration, not per-
> KDC configuration.
> Though, in fact, I don't think it's anything the KDC even looks at;
> I'm not sure where in the code this list (or the "default enctype"
> for the realm, a term that bothers me) is used. So I'm not sure what
> it's intended for...
I saw that also with cscope. I'd also like to know what the realm
default enctype is used for (what current kdc.conf realm stanza
parameter does is map to?).
--
Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
More information about the krbdev
mailing list