[16555] in Kerberos_V5_Development
some mit k5 1.9 patches
daemon@ATHENA.MIT.EDU (Marcus Watts)
Fri Dec 17 02:15:53 2010
Message-Id: <E1PTUXd-0008Iq-QL@bruson.ifs.umich.edu>
To: krbdev@mit.edu
Date: Fri, 17 Dec 2010 02:15:49 -0500
From: Marcus Watts <mdw@umich.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
So following are 5 patches I used to build beta3.
1. patch list
2. patch details
3. known concerns
____ 1. patch list
These are updated patches a couple of which are similar to patches
for the production build (of kerberos 1.6.3 for the UMICH.EDU realm).
Others are for experimental use, or for other reasons.
krb5-1.9b2-logts1.patch
krb5-1.9b2-db2open1.patch
krb5-1.9b2-desmd5.patch
krb5-1.9b2-rename1.patch
krb5-1.9b2-kpropd1.patch
____ 2. patch details
krb5-1.9b2-logts1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-logts1.patch
local enhancement
similar to production umich.edu change
allow timestamps in logfile names, such as
[logging] kdc = FILE:/var/log/krb5kdc.log.%Y%m%d
krb5-1.9b2-db2open1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-db2open1.patch
incomplete feature - of general use?
support
kdb5_util dump { -rev | -backwards }
which seems to have been left out of some past upgrade. I had
a test kerberos realm go sick one day.
krb5-1.9b2-desmd5.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-desmd5.patch
incomplete feature - obselete
implement the KRB5_KDB_SUPPORT_DESMD5 attribute on principals.
krb5-1.9b2-rename1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-rename1.patch
local enhancement
similar to production umich.edu change
ability to rename a principal.
krb5-1.9b2-kpropd1.patch
/afs/umich.edu/group/itd/build/mdw/krb5.15x/patches/krb5-1.9b2-kpropd1.patch
local enhancement
kpropd: -n flag.
I still run kadmind|krb5kdc and now kpropd out of bosserver.
____ 3. known concerns
Password quality checking. The password quality plugin interface
provided here is significantly simplified. I don't know
if that's an issue yet.
microsoft canonicalization patch. I never came up with a good
way to test this..
The replication logic is probably the biggest concern around here,
incomplete (can't promote slave db to be master because
not all attributes are replicated.)
not timely. is still polling based: pull semantics.
-Marcus Watts
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
