help-shishi

Re: Broken k5login authentication type.


From: Simon Josefsson
Subject: Re: Broken k5login authentication type.
Date: Wed, 08 Aug 2012 14:28:16 +0200
User-agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux)

Mats Erik Andersson <address@hidden> writes:

> On Wednesday, 8 August 2012 at 14:11, Simon Josefsson wrote:
>> Mats Erik Andersson <address@hidden> writes:
>> >
>> > Probably better would be a configuration value like
>> >
>> >      ## etc/shishi/shishi.conf
>> >
>> >      ## Default authorization setting of servers.  The default setting
>> >      ## is "k5login basic", but administrators are urged to check this.
>> >      ##
>> >      #authorization-default=k5login basic
>> >
>> > This would make the library setting transparent and it would increase
>> > the awareness of the matter in each administrator using Shishi as their
>> > preferred Kerberos support. Including "k5login" probably eases the
>> > migration to libshishi in multi-system environments.
>> 
>> That seems nice -- and presumably then we would remove the "k5login
>> basic" stuff from InetUtils?
>
> Removing, or introducing a command line switch to make configurable
> for the specific service, thus overriding the site policy?

Yup.  It would be nice to be able to provide the intended Kerberos realm
to the telnet client as well, instead of falling back to
'default-realm'.  The less intrusive 'server-realm' should work though,
but I didn't get it to work.

> In any case it is important that libshishi is consistent and
> transparent in itself.

Agreed.

/Simon


