rcache question
Simo Sorce
simo at redhat.com
Mon Aug 17 11:00:34 EDT 2020
On Thu, 2020-08-13 at 15:29 +0000, Joakim Tjernlund wrote:
> On Thu, 2020-08-13 at 11:17 -0400, Greg Hudson wrote:
> > On 8/13/20 8:45 AM, Joakim Tjernlund wrote:
> > > Looking at the mit-krb5 code is seems to me that rcache type "none" always
> > > returns true so I could just make :
> > > have_rcache_type(const char *type) { return 1; }
> > > Is that a correct assumption ?
> >
> > Yes, since it is no longer necessary to detect really old versions.
>
> OK, thanks!
>
> > I would recommend switching to mod_auth_gssapi if possible.
>
> It is planned but for now I just need to make the server run with 1.18
> Would browser notice if I switch to mod_auth_gssapi ? Some config to tweak ?
If you use just basic settings there should be no difference.
If you used some obscure mod_auth_krb config options you may need to
understand what they did and apply appropriate options to
mod_auth_gssapi configuration to compensate.
So far I do not know of any major difference, and haven't had bug
reports of situations where mod_auth_gssapi conf could not be adapted
to work as wanted.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
More information about the krbdev
mailing list