[17335] in Kerberos_V5_Development
Re: Extensible kadm5 policies
daemon@ATHENA.MIT.EDU (Nico Williams)
Sun Oct 30 19:27:56 2011
In-Reply-To: <1320015597.7734.115.camel@willson.li.ssimo.org>
Date: Sun, 30 Oct 2011 18:27:52 -0500
Message-ID: <CAK3OfOjjPrmnM=ikk1JcD_+vYP2HUfEmO3++ZDu=TCw=KmdB3A@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Simo Sorce <simo@redhat.com>
Cc: krbdev@mit.edu
On Sun, Oct 30, 2011 at 5:59 PM, Simo Sorce <simo@redhat.com> wrote:
> Your design seems a huge hack built only with regard to the default
> database backend and its limitations.
Not so. I will grant that the design was inspired by Heimdal's
current approach to policies.
> It would make it difficult to build decent translation for the LDAP
> backend and in general add a mapping burden on any custom backend.
I don't agree.
> This kind of hack seems ok for a custom project but I think that if you
> want to push for additional policies upstream you really need to propose
> a long term fix that is not an ugly hack imho.
Well, I have done just that. The design has been accepted by Love for
Heimdal, for example, though since I've not yet finished that work
there's still time to make changes. And we had a discussion on
#krbdev about this the other day. The whole point of this thread is
to come up with something that suits us and upstream.
> I see no problem in changing APIs or adding RPCs if there is a clear
> benefit to all KDC users.
Would you please address the need that we stated then?
Nico