[16318] in Kerberos_V5_Development
Re: Project Review: kinit -C
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Sep 16 16:35:23 2010
From: Sam Hartman <hartmans@mit.edu>
To: Tom Yu <tlyu@mit.edu>
Date: Thu, 16 Sep 2010 16:34:59 -0400
In-Reply-To: <ldvfwxaitdj.fsf@cathode-dark-space.mit.edu> (Tom Yu's message of
"Wed, 15 Sep 2010 17:34:00 -0400")
Message-ID: <tslzkvhfmvg.fsf@live.mit.edu>
MIME-Version: 1.0
Cc: Ken Raeburn <raeburn@mit.edu>, "krbdev@mit.edu Dev List" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Tom" == Tom Yu <tlyu@MIT.EDU> writes:
Tom> Ken Raeburn <raeburn@MIT.EDU> writes:
>> Wouldn't most of this problem go away if keytab types were
>> pluggable?
Tom> [...]
>> That would just leave the question of whether pluggable keytab
>> types are a good idea. :-)
Tom> I think it's a great idea. I'm not sure that we have time to
Tom> implement it for the 1.9 release.
As do I.
Especially given that kinit -C ended up being taken and the syntax I
ended up with was
kinit -k -t KDB:
Ken's solution works well.
I actually thought about a preauth plugin or a locate plugin that
registered the kdb keytab in its initialization function combined with a
change to the KDB keytab to take the realm of the KDB as its argument.
I decided that having preauth plugins or locate plugins as a hook for a
keytab registration was architecturally impure.
--Sam
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
