[37179] in Kerberos
Re: Compatibilty between mixed kerberos release (KDC 1.12 client
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Wed Jul 29 22:07:00 2015
Message-Id: <201507300206.t6U26f59002987@hedwig.cmf.nrl.navy.mil>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: kerberos@mit.edu
In-Reply-To: <CALNT6MX5Zc60_w=_mgaho2Nf+2HjqZFH0n_EQY8Ch-ZkAuh23w@mail.gmail.com>
MIME-Version: 1.0
Date: Wed, 29 Jul 2015 22:06:41 -0400
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>Is there any general wisdom out there about mixed KDC/Client versions? Are
>there concerns around allowing environments drift to where a KDC would be
>on a later release than the clients?
FWIW, we run a whole bunch of crazy versions of Kerberos, and generally
there is not an interoperability problem; the protocol is pretty well
specified and in general everything works fine at that level.
>There seems to be a change in default behavior in the 1.12+ where renewable
>tickets must be specifically requested (RHEL 7 is including the 1.12 as the
>tested krb release in platform).
This is more of a problem, but I don't consider this an interoperability
issue.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos