[17307] in Kerberos_V5_Development
Re: Proposed Behavior change: don't fail when
daemon@ATHENA.MIT.EDU (Simo Sorce)
Fri Oct 14 14:47:06 2011
From: Simo Sorce <simo@redhat.com>
To: Sam Hartman <hartmans@mit.edu>
In-Reply-To: <tslbotjekjp.fsf@mit.edu>
Date: Fri, 14 Oct 2011 14:47:01 -0400
Message-ID: <1318618021.31149.152.camel@willson.li.ssimo.org>
Mime-Version: 1.0
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Fri, 2011-10-14 at 10:04 -0400, Sam Hartman wrote:
> I'd like to propose that if krb5_sname_to_principal fails to look
> something up in dns, it assume it's canonical form. There are a
> number
> of cases where you might want a principal event though you cannot
> connect to the host. For example you might be checking a principal
> with
> kvno -S. You might be dealing with an acceptor principal even though
> your dns is down.
>
> This does change the error people will get but I think it improves
> things and helps people who don't need to depend on DNS introduce
> unneeded DNS dependencies.
>
+1 would help a lot on flaky networks.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
