[1702] in Kerberos-V5-bugs
Kprop/kpropd wish list
daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Wed Nov 1 18:16:43 1995
From: epeisach@MIT.EDU
Date: Wed, 1 Nov 1995 18:16:31 -0500
To: krb5-bugs@MIT.EDU
For somebody to someday implement....

Now that the kdc's can support multiple realms, it is a shame that
kpropd assumes that the default database name is in use...

Of course you could have a different kpropd line in inetd with differing
command invocations to handle database locations and realms, access
files, etc, but this should be configurable in the kdc.conf.

I envision that this may require changing protocol versions as we want
to send over more than just the database - we also want/need the realm
to be sent over in the request... (this is for the send/recv_auth)

A way of bootstrapping the information needed (at preserving backwards
compatibility) is in the xmit_database/recv_database - when the length
is transmitted in the krb5_mk_safe/krb5_rd_safe, if the length is 4 -
then only the size is present - otherwise other information should be
assumed to be present - of which could be an encoded structure with a
proper protocol number.....

This is for someday...

Ezra
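
Added example, not part of the original message and not MIT Kerberos code: a receiver-side parser for the length-discriminated size message proposed above, applied to the payload after krb5_rd_safe has verified it. The extended layout (size, 2-byte protocol number, 2-byte realm length, realm), the big-endian encoding, and the names `kprop_parse_size_msg`, `KPROP_EXT_VERSION` and `KPROP_MAX_REALM` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KPROP_EXT_VERSION 1   /* hypothetical protocol number */
#define KPROP_MAX_REALM   255 /* hypothetical cap on realm length */

struct kprop_size_msg {
    uint32_t db_size;                    /* size of the dump that follows */
    uint16_t version;                    /* 0 = legacy 4-byte message */
    char     realm[KPROP_MAX_REALM + 1]; /* "" = fall back to default realm */
};

static uint32_t get_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse the verified payload. Returns 0 on success, -1 if malformed;
 * *out is only meaningful when 0 is returned. */
int kprop_parse_size_msg(const unsigned char *buf, size_t len,
                         struct kprop_size_msg *out)
{
    size_t rlen;

    memset(out, 0, sizeof(*out));
    if (buf == NULL || len < 4)
        return -1;
    out->db_size = get_be32(buf);
    if (len == 4)               /* legacy sender: size only */
        return 0;
    /* Assumed extended layout: size(4) version(2) realm_len(2) realm */
    if (len < 8)
        return -1;
    out->version = (uint16_t)((buf[4] << 8) | buf[5]);
    rlen = ((size_t)buf[6] << 8) | buf[7];
    if (out->version != KPROP_EXT_VERSION)
        return -1;              /* unknown protocol number */
    if (rlen == 0 || rlen > KPROP_MAX_REALM || len != 8 + rlen)
        return -1;              /* truncated, oversized or trailing bytes */
    if (memchr(buf + 8, '\0', rlen) != NULL)
        return -1;              /* embedded NUL would shorten the realm */
    memcpy(out->realm, buf + 8, rlen);
    return 0;                   /* realm NUL-terminated by the memset */
}
```

A receiver would use `realm` to select the database and access file for that realm, and treat an empty `realm` as the existing default-database behaviour.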