(Illustration by Gaich Muramatsu)
Hello Michael, On Wed, Apr 07, 2004 at 01:32:27AM +0200, Michael Tautschnig wrote: > > There should be _no_ hostname used for the auth service principal, > > we were just inventing a problem. > What else should that be then? Something like coda/coda.realm_at_REALM exactly, one service principal per (Coda realm, Kerberos realm) is sufficient, like coda/coda.realm_at_KRB.REALM as you say (note that the existing code forces one Coda realm - one Kerberos realm relation, while a Coda realm could otherwise use services of more than one independent Kerberos realms as well) > > I do not think either that the code is worth improving. > > I'd rather like to replace it with the experimental new modular one. > Is there any yet? Where can I find it? You can't :) unless you proclaim to be really determined to change the world :) There is a rewritten clog suite but it is basically waiting for 1. completion (working fine but some details should be fixed like server side rewrite and merging all implemented authentication methods (*-gss)) 2. token format change which is desirable for some reasons including 3. changes in Coda identity database to embrace more general identities namespace 4. approval :) of Jan & Satya which seems a questionnable thing given the deep impact and incompatibilities introduced by the steps above The earliest point where it could be present (if at all) is probably unplanned yet Coda 7 ... ? For the moment I am running it since December in "compatibility" configuration and may be it is worth merging "as-is" - but it will certainly break some setups. E.g. pam_kcoda should be rewritten to interact with it. (put it as "1a" in the list above...) Probably you are better off using the existing code with your patch. (btw, I guess your patch could help as well by forcing to lowercase, then it would be possibly more compatible with the "usual case"?) Best regards, -- IvanReceived on 2004-04-07 04:46:22