a suggestion for reducing use of kdc.conf

[Nico Williams]

On Tue, May 7, 2013 at 12:46 PM, Will Fiveash <will.fiveash at oracle.com> wrote:
>> (This is a big deal at Sun^H^H^HOracle, in Solaris engineering and at
>> PSARC.  Or used to be.)
>
> Still a big deal.  8^)

Not surprised.

The principle is: secrets go in files that only bear those secrets and
no other configuration data (metadata about the secrets is ok, like
principal names, kvnos, entypes, in keytab files), to make management
of secrets separable from configuration management.

Nico
--