KDB and referrals/aliases
Luke Howard
lukeh at padl.com
Wed Sep 2 15:29:30 EDT 2009
> I think it's a legitimate concern that kadmin clients be able to
> distinguish aliases from non-aliases. Not that getprinc(alias) should
> fail, but that it should tell you its canonical name; listprincs
> should
> probably list only canonical names.
Right, but that is the current behaviour.
>> 4. We could restructure the flags to make things clearer, but at a
>> penalty to Novell (and theoretically to anyone else who has made a
>> custom 1.7 back end).
>
> Are there other solutions? Can the KDC and kadmind remain compatible
> with existing DBs (and not distinguish aliases in that case)? What is
> the interface stability of the DAL? Would an incompatible change
> justify a 1.8 release?
The interface is private, but my two cents is that I'd prefer to keep
it as stable as possible (also so we can still test against the Novell
KDC backend).
-- Luke
More information about the krbdev
mailing list