Extensible kadm5 policies
Tom Yu
tlyu at MIT.EDU
Mon Oct 31 12:27:07 EDT 2011
Simo Sorce <simo at redhat.com> writes:
> On Sun, 2011-10-30 at 17:06 -0500, Nico Williams wrote:
>> On Sun, Oct 30, 2011 at 4:43 PM, Simo Sorce <simo at redhat.com> wrote:
>> > On Fri, 2011-10-28 at 11:54 -0500, Nico Williams wrote:
>> >> 1) Treat policies as principals named with a well-known naming
>> >> convention to avoid collisions;
>> >
>> > I don't g4et this, but it sounds ugly and something I wouldn't like to
>> > see.
>>
>> Aside from whether it's ugly, Heimdal already does it, though for just
>> one policy, the one named "default".
>
> Ok, it doesn't necessarily mean it is a good design you want to 'port'
> to other implementations.
>
>> As for ugliness, yes, it's ugly, but the current policy DB mess is far
>> uglier,
>
> Doesn't justify adding more ugliness IMO.
Let's make things prettier, not uglier.
More information about the krbdev
mailing list