Project Review: kinit -C
Sam Hartman
hartmans at MIT.EDU
Thu Sep 16 16:34:59 EDT 2010
>>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
Tom> Ken Raeburn <raeburn at MIT.EDU> writes:
>> Wouldn't most of this problem go away if keytab types were
>> pluggable?
Tom> [...]
>> That would just leave the question of whether pluggable keytab
>> types are a good idea. :-)
Tom> I think it's a great idea. I'm not sure that we have time to
Tom> implement it for the 1.9 release.
As do I.
Especially given that kinit -C ended up being taken and the syntax I
ended up with was
kinit -k -t KDB:
Ken's solution works well.
I actually thought about a preauth plugin or a locate plugin that
registered the kdb keytab in its initialization function combined with a
change to the KDB keytab to take the realm of the KDB as its argument.
I decided that having preauth plugins or locate plugins as a hook for a
keytab registration was architecturally impure.
--Sam
More information about the krbdev
mailing list