[1898] in Kerberos_V5_Development
Default getting of V4 tickets
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Tue Oct 29 10:17:38 1996
Date: Tue, 29 Oct 1996 10:17:02 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krbdev@MIT.EDU
I propose that we turn *off* the default getting of V4 tickets in
bsd/appl/login.c, and make people explicitly turn it on (by editing
krb5.conf) if they want it.
The rationale is that people who aren't doing V4 compatibility don't
need the extra hair, and currently the V4 library code has
ATHENA.MIT.EDU hard-coded as the default realm of krb.conf doesn't
exist. This causes a name resolution to kerberos.athena.mit.edu, which
is pointless (fortunately it doesn't exist, or it would get hosed with
random Kerberos requests).
Another solution is to put in the support in the V4 library to use the
V5 krb5.conf file instead. There was talk of doing this, and it may
even may be how things are done in the Cygnus release, but it's not done
now. It's also not clear to me whether or not this is really a good
idea by default. In any case, simply turning off the default behavior
in appl/bsd/login.c is by far the most risk-free way of fixing the
problem, so that's what I would propose we do.
Comments?
- Ted
