a suggestion for reducing use of kdc.conf
nico at cryptonector.com
Tue May 7 17:22:25 EDT 2013
On Tue, May 7, 2013 at 3:38 PM, Greg Hudson <ghudson at mit.edu> wrote:
> Keep in mind that krb5.conf supports include directives now.
Right, but I'm not sure that that would be enough to mollify PSARC. I
guess they might be OK if Will sets up defaults and documentation such
that users don't end up including secrets in krb5.conf or kdc.conf
unless they really mean to, but... then there's MIT's docs as well.
I'd like you to buy into the principle in question, rather than see
this as something that a weirdo distro/vendor wants. I personally
agree with that principle -- I'm not carrying PSARC's water.
More information about the krbdev