https://k5wiki.test.kerberos.org/wiki?action=history&feed=atom&title=Release_Meeting_Minutes%2F2013-02-12 2026-05-14T17:29:18Z Revision history for this page on the wiki MediaWiki 1.27.4 https://k5wiki.test.kerberos.org/wiki?title=Release_Meeting_Minutes/2013-02-12&diff=5073&oldid=prev 2013-02-13T18:17:02Z

<p>New page: {{minutes|2013}} David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu ;Greg: Started work on auth_to_local interface. Want to fix some existing beha...</p> <p><b>New page</b></p><div>{{minutes|2013}}<br /> David Benjamin, Thomas Hardjono, Greg Hudson, Ben Kaduk, Simo Sorce, Zhanna Tsitkov, Tom Yu<br /> <br /> ;Greg: Started work on auth_to_local interface. Want to fix some existing behavior. Can't distinguish different realms. Also a problem when using regex-based rules.<br /> <br /> ;Greg: Probably will leave things alone in case someone depends on it, and document behavior.<br /> <br /> ;Tom: git.mit.edu firewalled from off-campus soon.<br /> <br /> Some discussion about CAMMAC. What purpose does a KDC MAC serve? Detached verification? Some people (Sam?) are skeptical about detached verification. Do we want something like ad-signedpath? What bits to sign?<br /> <br /> ;Tom: S4U2Proxy -- CAMMAC as it currently exists is probably good enough to allow supporting it in the future. (e.g., could define a new authorization data type that MACs most of the content of the ticket, and put that in the CAMMAC.) So what is the minimum binding component?<br /> <br /> ;Simo: cname, authtime, endtime -- to support detached verification.<br /> <br /> ;Tom: Do you actually need detached verification?<br /> <br /> ;Simo: Can probably use GSS proxy, but would like the option if needed in the future.<br /> <br /> ;Tom: Will get text to you later this week.</div>

TomYu