referrals in 1.6
Sam Hartman
hartmans at MIT.EDU
Tue Feb 27 10:54:40 EST 2007
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at Sun.COM> writes:
Nicolas> On Tue, Feb 27, 2007 at 10:01:09AM -0500, Sam Hartman wrote:
>> The question of what to do about extra TGS reqs is going to be the big
>> one in whether MIT will accept various zeroconf proposals etc. I'm
>> really concerned about the performance of KDC requests and DNS traffic
>> especially on cell phone links.
>>
>> In the 1.7 planning call no one else expressed this concern,but in
>> practice I'e found Kerberos is hard to use over a cell phone.
Nicolas> It sounds like you'd want a compile-time switch for default behaviour.
Nicolas> That's certainly reasonable. It's not yet clear that it would be
Nicolas> reasonable to exclude support for a configuration knob for selecting
Nicolas> service principal name/realm canonicalization methods.
It's basically our policy to avoid compile-time switches. That was
something Marshall was very firm about; he's no longer around and we
could evaluate whether the reasons for that policy still apply.
however I don't think a compile time switch is a good fit for
something that basically depends on network connectivity and
characteristics of the realm you are interacting with.
--Sam
More information about the krbdev
mailing list