Re: Shishi interop server running

help-shishi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Shishi interop server running

From:	Mats Erik Andersson
Subject:	Re: Shishi interop server running
Date:	Thu, 9 Aug 2012 19:52:44 +0200
User-agent:	Mutt/1.5.18 (2008-05-17)

onsdag den  8 augusti 2012 klockan 15:18 skrev Simon Josefsson detta:
> All,
> 
> I have setup a Shishi KDC for interop purposes on interop.josefsson.org.
> The server is running Ubuntu 12.04 with Shishi installed from packages.

There is one issue with ticket life times in the present setup.

An outdated OpenSolaris, as well as a contemporary OpenIndiana, are
both receiving TGT:s of almost infinite validity when requested by
kinit(1) without specifying a desired life time at the command line.

In fact, the ticket is valid until 2037-12-31, at 00:00. Using
instead "kinit -l 2h" provides the bounded, and correct expiry time.

The interpretation is that libshishi must initialize a sane default,
even if the administrator does not ask for this explicitly. It seems
as if the other MIT derived implementations, and those based on Heimdal,
are by themselves imposing a reasonable time limit already in kinit(1),
just as shishi(1) does itself. I do not think that Shishi should rely
on this, but should instead improve in the sense of setting a finite
interval as default initialization.

Also, probably the authorization value of the TELNET server should
be raised to "-avalid".


Best regards,

  Mats Erik Andersson

[Prev in Thread]

Current Thread

[Next in Thread]

Shishi interop server running, Simon Josefsson, 2012/08/08
- Re: Shishi interop server running, Mats Erik Andersson <=
  - Re: Shishi interop server running, Mats Erik Andersson, 2012/08/15

Prev by Date: Re: Shishi 1.0.1 released
Next by Date: Tickets with instance names.
Previous by thread: Shishi interop server running
Next by thread: Re: Shishi interop server running
Index(es):
- Date
- Thread