KDC session key selection
Nico Williams
nico at cryptonector.com
Fri Jun 1 13:35:09 EDT 2012
On Fri, Jun 1, 2012 at 12:19 PM, Greg Hudson <ghudson at mit.edu> wrote:
> On 06/01/2012 01:10 PM, Nico Williams wrote:
>> Can plugins provide key/value validation methods so that kadmin setstr
>> can validate these strings? If not, could such validation methods be
>> added later?
>
> Right now there's no such facility, but when we were discussing string
> attributes, I do remember us agreeing that we could add this in the
> future. (Probably by amending the various KDC pluggable interfaces to
> include setstr validation methods.)
OK, good. That makes me feel better about using this "strings"
facility for this. With future validation methods the strings concept
becomes truly useful. In this particular case the validation to
perform would be to check that the enctypes listed are all valid.
Nico
--
More information about the krbdev
mailing list