[28] in Kerberos_V5_Development
Meeting minutes
jtkohl@ATHENA.MIT.EDU (jtkohl@ATHENA.MIT.EDU)
Thu Jan 11 17:33:33 1990
minutes of krb5 meeting of 11 Jan 1990

Some discussion of ASN.1 formats for timestamps (possibly using one
timestamp plus some deltas), possible bad interaction of ASN.1 tags in
known plaintext cipher attacks, etc...

suggestion to append _t on all kerberos type names

suggestion for sanity check functions on flags (to make sure the
combinations are a reasonable request before forwarding to the KDC)

We want a private memory ticket cache as well as a file and
shared-memory cache.

** Bill and Ken will write up the end result of the ticket cache
discussions

The interface for krb5_sendauth should include options for doing the
2-tgt exchange stuff.

a function to initialize a credentials structure from a client & server
is needed (so that cred in/out values can later be passed to
free_krb5_credentials())

functions which the spec says take tcache_names take ccache_id's
[they are called credential caches now]

the names of some of the parameters are inconsistent and hard to figure
out (exxx vs dc_xxx)

impl note: to find a dup skey ticket, specify 'session key' in the
match parameters

various ideas about perhaps allowing/supporting user preferences files
(to configure various defaults & such)

** Bill will propose a new flag for kdc_options to allow the KDC to
choose appropriate values for the ticket flags & lifetimes

Someone objected to using the high bit of the msec field for direction
bit (it was used to conserve space, but ASN.1 strikes...); it'll be
moved to a separate field for libkrb, and the encoding can do whatever
it wants.

** Jay will write up proposed functions to deal with server key caches.

some discussion of C typedefs &c.