1.7 planning: Collecting Projects to Estimate
William.Fiveash at sun.com
Wed Jan 31 17:06:58 EST 2007
Sun suggestions for MIT 1.7 seed projects:
- fallback admin server for multi-master
Support a list of systems for the admin_server krb5.conf parameter
with fallback behavior if a particular admin server does not
- ticket revocation
The ability to revoke TGTs issued prior to some point in time would
be good in the case of TGT compromise. The idea is that instead of
disabling someone's principal, the password/long term key could be
changed and a command to revoke current TGT's would be run. Nico
notes that this requires a protocol but I thought I'd bring it up
I also note that currently once a user has a TGT they can use that
to renew their TGT or acquire service tickets even if the user's
principal is expired or deleted from the KDB completely. I plan on
opening a bug on this.
- master key enctype migration
Support for changing the master key enctype and migrating the KDB
entries to be encrypted with the new key.
- safe default realm determination without DNS
By default, if there is no explicit realm config, use the local
host's domain information to determine the default realm by first
trying to locate a KDC for a realm based on all components of the
domain excluding the hostname (converting domain to all uppercase).
If the KDC is not found, remove a leftmost domain component and try
to locate a KDC for a realm based on that. The loop continues until
either a KDC is found or there is only one domain component left
(the realm requires a minimum of two components).
Example for foo.bar.sun.com: first an attempt to locate a KDC for
the realm BAR.SUN.COM would be made. If a KDC was not found then
the realm SUN.COM would be tried. If a KDC was still not found then
an error would be returned.
- login policy plugin support
Provide support for the KDC to use a login policy plugin to
determine if TGT should be issued and also log TGT issue success and
failures. The idea is this could allow vendor specific login policy
control over TGT issuance with the vendor specific code in an plugin
external to the KDC code. The KDC code modification would be a
plugin hook that the KDC would call before responding to a TGT
request and another hook to record either a successful TGT issuance
or failure (say if preauth verification fails).
- KDC principal alias support
The KDC should support multiple principal aliases for a particular
set principal keys. One use would be for a service on a system with
multiple hostnames. One set of keys could be generated for that
system and the other service princ names could be aliases.
- host based administrative authz
kadmind support for allowing an admin on a system that has a host
service principal to authenticate using the host service principal
key in the keytab and be able to create and manage other principals
that include that host component (host component must be present).
Example: a system foo.bar.sun.com has host/foo.bar.sun.com at SUN.COM
keys in it's keytab. The admin is then able to:
kadmin -k -p host/foo.bar.sun.com -q 'addprinc nfs/foo.bar.sun.com'
- distributed global rcache
Support for a global rcache such that multiple processes and systems
could detect replays when sharing a service principal name. This is
useful for cluster environments where multiple systems are providing
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 230 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070131/f9aa63d3/attachment.bin
More information about the krbdev