a suggestion for reducing use of kdc.conf

Greg Hudson ghudson at MIT.EDU
Wed May 8 17:10:05 EDT 2013

On 05/07/2013 06:55 PM, Will Fiveash wrote:
> I'm confused at this point.  If we are talking about parameters like
> key_stash_file in k*.conf files which provide a non-default path to a
> protected file that contain secret/private data then that's not a
> problem.  If we are talking about k*.conf parameters that allow the
> admin to store secrets in the k*.conf file itself then that's a problem.
> Can someone provide more detail?

The issue is the "secret" variable in
http://k5wiki.kerberos.org/wiki/Projects/OTPOverRADIUS (a project which
has undergone review, but hasn't been merged yet).

Most likely Nico is right, and we should change the variable to hold the
pathname of a file containing the RADIUS secret.

More information about the krbdev mailing list