some mit k5 1.9 patches

Marcus Watts mdw at umich.edu
Fri Dec 17 02:15:49 EST 2010 

So following are 5 patches I used to build beta3.
1. patch list
2. patch details
3. known concerns

____ 1. patch list

These are updated patches a couple of which are similar to patches
for the production build (of kerberos 1.6.3 for the UMICH.EDU realm).
Others are for experimental use, or for other reasons.
	krb5-1.9b2-logts1.patch
	krb5-1.9b2-db2open1.patch
	krb5-1.9b2-desmd5.patch
	krb5-1.9b2-rename1.patch
	krb5-1.9b2-kpropd1.patch

____ 2. patch details

krb5-1.9b2-logts1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-logts1.patch
	local enhancement
	similar to production umich.edu change
	allow timestamps in logfile names, such as
		[logging] kdc = FILE:/var/log/krb5kdc.log.%Y%m%d

krb5-1.9b2-db2open1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-db2open1.patch
	incomplete feature - of general use?
	support
		kdb5_util dump { -rev | -backwards }
	which seems to have been left out of some past upgrade.  I had
	a test kerberos realm go sick one day.

krb5-1.9b2-desmd5.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-desmd5.patch
	incomplete feature - obselete
	implement the KRB5_KDB_SUPPORT_DESMD5 attribute on principals.

krb5-1.9b2-rename1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-rename1.patch
	local enhancement
	similar to production umich.edu change
	ability to rename a principal.

krb5-1.9b2-kpropd1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-kpropd1.patch
	local enhancement
	kpropd: -n flag.
	I still run kadmind|krb5kdc and now kpropd out of bosserver.

____ 3. known concerns

Password quality checking.  The password quality plugin interface
	provided here is significantly simplified.  I don't know
	if that's an issue yet.
microsoft canonicalization patch.  I never came up with a good
	way to test this..
The replication logic is probably the biggest concern around here,
	incomplete (can't promote slave db to be master because
		not all attributes are replicated.)
	not timely.  is still polling based: pull semantics.

				-Marcus Watts

More information about the krbdev mailing list