a suggestion for reducing use of kdc.conf

Nico Williams nico at cryptonector.com
Tue May 7 15:11:49 EDT 2013

On Tue, May 7, 2013 at 12:46 PM, Will Fiveash <will.fiveash at oracle.com> wrote:
>> (This is a big deal at Sun^H^H^HOracle, in Solaris engineering and at
>> PSARC.  Or used to be.)
> Still a big deal.  8^)

Not surprised.

The principle is: secrets go in files that only bear those secrets and
no other configuration data (metadata about the secrets is ok, like
principal names, kvnos, enctypes, in keytab files), to make management
of secrets separable from configuration management.


