[32085] in Kerberos


Re: another (different) KDC name resolution question

daemon@ATHENA.MIT.EDU (Abe Singer)
Mon Feb 22 19:28:51 2010

Date: Mon, 22 Feb 2010 16:28:45 -0800
From: Abe Singer <abe@ligo.caltech.edu>
To: Tom Yu <tlyu@mit.edu>
Message-ID: <20100223002844.GH60489@ligo.caltech.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <ldvhbp8ol9j.fsf@cathode-dark-space.mit.edu>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

From my perspective on the DNS issue, we've got a workaround here that should
be good enough for us for the time being.

Thanks for the pointer to the roadmap.  I'd like to know more about
the item "plugins for password quality checks."  We're rolling our
own mod of kadmin that implements libcrack for password checking
(I've got a lot of good arguments for why that's way better than
complexity rules).  I was going to submit a patch for consideration.

If you're going to be implementing that sort of capability, I'd
vote for high priority for that.



On Mon, Feb 22, 2010 at 07:20:40PM -0500, Tom Yu wrote:
> To: Russ Allbery <rra@stanford.edu>
> Cc: Abe Singer <abe@ligo.caltech.edu>, kerberos@mit.edu
> Subject: Re: another (different) KDC name resolution question
> From: Tom Yu <tlyu@mit.edu>
> Date: Mon, 22 Feb 2010 19:20:40 -0500
> 
> Russ Allbery <rra@stanford.edu> writes:
> 
> > Abe Singer <abe@ligo.caltech.edu> writes:
> >
> >> Well, that at least explains it.
> >
> >> You could call it a misfeature, or just an unanticipated consequence.
> >> I suspect what we're doing here is a rare case.
> >
> > Actually, you are far from the only person to have had trouble with this.
> > It's one of the more frequent complaints about the library behavior that
> > I've seen, and it can cause some significant delays if one's DNS resolver
> > is slow for some reason.
> 
> Thanks; this is useful input.  Working around the address resolution
> latency issue probably requires redesign of some internal interfaces,
> as Greg mentioned, so we will need to allocate resources accordingly.
> I've added it to the roadmap.  If you and others could rank its
> priority relative to the roadmap items that are already tentatively
> slated for 1.9, that would also be helpful.
> 
>     http://k5wiki.kerberos.org/wiki/Roadmap
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
