suggestion for locating master kdc logic
Will Fiveash
will.fiveash at oracle.com
Mon Apr 9 16:37:55 EDT 2012
On Mon, Apr 09, 2012 at 04:06:26PM -0400, Sam Hartman wrote:
> OK.
>
> One question. We've had the default of not falling back since 1.3.2;
> that's been several years.
> Why do we want to change our default behavior now.
So that MIT and Solaris default fall back behavior is the same. Given
MIT originally changed the default fall back behavior I think it is
reasonable to ask that it be changed back to it's prior behavior.
Beyond that, what do you suggest we (Solaris krb developers) do about
this issue? Note that as a rule, the Solaris development guidelines
discourage changing default behavior with the goal of OS stability in
mind. In addition, the Solaris krb team has a long term goal of being
able to use MIT krb as is, without making Solaris specific modifications
as we have being doing up to this point.
> Second, assuming we do not choose to change our default behavior, why is
> try_admin_server better than simply specifying master_kdc?
I would not have suggested the try_admin_server realm parameter except
that I also suggested changing MIT default fall back behavior to what it
was prior to 1.3.2.
--
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
More information about the krbdev
mailing list