[20152] in Kerberos_V5_Development
Re: rcache question
daemon@ATHENA.MIT.EDU (Simo Sorce)
Mon Aug 17 11:01:59 2020
Message-ID: <62a33328e68843f4e3c997f362c0de6d301d688e.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Joakim Tjernlund <Joakim.Tjernlund@infinera.com>,
"krbdev@mit.edu"
<krbdev@mit.edu>,
"ghudson@mit.edu" <ghudson@mit.edu>
Date: Mon, 17 Aug 2020 11:00:34 -0400
In-Reply-To: <5d432671cdabc7abf416a2ada18e7ea588f6f870.camel@infinera.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Thu, 2020-08-13 at 15:29 +0000, Joakim Tjernlund wrote:
> On Thu, 2020-08-13 at 11:17 -0400, Greg Hudson wrote:
> > On 8/13/20 8:45 AM, Joakim Tjernlund wrote:
> > > Looking at the mit-krb5 code is seems to me that rcache type "none" always
> > > returns true so I could just make :
> > > have_rcache_type(const char *type) { return 1; }
> > > Is that a correct assumption ?
> >
> > Yes, since it is no longer necessary to detect really old versions.
>
> OK, thanks!
>
> > I would recommend switching to mod_auth_gssapi if possible.
>
> It is planned but for now I just need to make the server run with 1.18
> Would browser notice if I switch to mod_auth_gssapi ? Some config to tweak ?
If you use just basic settings there should be no difference.
If you used some obscure mod_auth_krb config options you may need to
understand what they did and apply appropriate options to
mod_auth_gssapi configuration to compensate.
So far I do not know of any major difference, and haven't had bug
reports of situations where mod_auth_gssapi conf could not be adapted
to work as wanted.
Simo.
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
