[31882] in Kerberos
Re: Upcoming KfW 3.x ??
daemon@ATHENA.MIT.EDU (Jeff Blaine)
Thu Jan 7 14:38:39 2010
Message-ID: <4B46383B.7010407@kickflop.net>
Date: Thu, 07 Jan 2010 14:38:35 -0500
From: Jeff Blaine <jblaine@kickflop.net>
MIME-Version: 1.0
To: jaltman@secure-endpoints.com
In-Reply-To: <4B462D98.3030108@secure-endpoints.com>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>> I'd love to be a tester, but unfortunately I need to run the
>> version our users have in order to troubleshoot things.
> Without being a tester, you won't be able to ensure that the next
> release works
> the way you want it to in your environment. Unless you are providing
> funding or
> some in-kind assistance in the development, why should I spend my time
> answering
> your e-mails when you have trouble?
I guess you shouldn't (?)
Perhaps you could explain Secure Endpoints' role in KFW
development? Last I heard from a link on your website,
MIT was hiring a full-time developer for KFW. Did that
not happen?
If I install NIMv2 and report in detail on what I find in
our environment, does that give me credits to use?
>> Aside, is there a reason for the 2-step credential obtaining
>> process where the account is 'checked' then one is given a
>> password text entry field? It's clunky to interact with.
> In NIM v1.x the account's existence is verified before prompting for a
> password in
> order to protect against users that typo the username or realm and
> created an
> identity in the database that in fact does not exist.
>
> In NIM v2, identities are created by a wizard that walks the user
> through the
> configuration of all applicable credential providers. After the
> identity is created
> the user simply selects one of the pre-configured ones instead of manually
> typing the username and realm each time. This change is both to
> improve usability
> but also to permit NIM v2 to be used with X.509 and Keystore identities in
> addition to Kerberos v5.
Great.
>> Another aside, what release will have krb4 cred obtaining
>> disabled by default?
>
> Any release you want. As I have said before, you can use a transform to
> configure
> the MSI installer to disable Kerberos v4. You can do this today
I am asking when the decision might be made to turn it off by
default in the master distribution, of course. I already saw
and read your previous response.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
