[1210] in Kerberos_V5_Development
Re: New KADM5 API spec
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Sun May 19 13:57:39 1996
Date: Sun, 19 May 1996 16:42:41 GMT
From: Jonathan Kamens <jik@annex-1-slip-jik.cam.ov.com>
To: bjaspan@MIT.EDU
Cc: krbdev@MIT.EDU
In-Reply-To: <9605161947.AA16076@beeblebrox.MIT.EDU> (bjaspan@MIT.EDU)
For the most part, your changes to the API spec look good. I have
just a few comments:
Section 1
Should it say "This document" rather than "This section"?
"It is also be possible" should say "It is also possible".
Section 4.1
Concerning tl_data:
"so none of the them provided in this list" makes no sense. I don't
know how to correct it, because I don't understand what it's trying to
say.
Could you elaborate a little bit in this document about what tagged
these data are, or point me at documentation of them. I have no idea
what they're all about.
Section 4.3
"The remote clients libraries" should say "The remote client
libraries".
"The local clients libraries" should say "The local client libraries".
Section 4.4
This entire section should have change bars, I think.
"Each time a principal's key is changed with kadm5_create_principal,
kadm5_chpass_principal or kadm5_randkey_principal, a key entry for
each encryption and salt type tuple specified in the configuration
parameters is added." Presumably, if there's already a key entry for
that encryptiong/salt type tuple, the existing entry is changed rather
than a new one being added?
Section 5
"/krb5/ovsec_adm.acl" probably shouldn't contain the string "ovsec".
"/krb5/ovsec_principal.db" probably shouldn't contain the string
"ovsec".
Section 7
This section claims that everything about server authorization has
changed in version 2, but the description here looks the same as in
version 1. Have you just not updated it yet?
