Kerberos dev project for review: domain_realm mapping via KDC referral
Russ Allbery
rra at stanford.edu
Mon Apr 28 19:01:04 EDT 2008
Ken Raeburn <raeburn at MIT.EDU> writes:
> At http://k5wiki.kerberos.org/wiki/Projects/domain_realm_referrals I've
> posted a write-up of a small project for review; the review period runs
> through May 12. Please have a look. The purpose of the project:
>
> Eliminate the need for the domain_realm mapping table on the client
> side, in the common case, by implementing minimal referral support in
> the KDC and providing the mapping information to clients through that
> protocol.
I would prefer to be able to configure the list of services in a KDC
configuration file from early on rather than using a hard-coded list,
since we frequently run into host-based principals of types that software
isn't already familiar with.
I think having a configurable list of components is better than just
looking at the second component and checking whether it looks like a
hostname.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list