svn commit: samba r21436 - in
branches/SAMBA_4_0/source/heimdal/kdc: .
Love Hörnquist Åstrand
lha at it.su.se
Thu Feb 22 01:18:40 GMT 2007
> The problem is that you don't get better security then your krbtgt
> and there
> is no good tool to add an enctype to an entry. That is, unless you,
> like me, think
> kadmin dump bar ; grep krbgtb/REALM at RELAM bar > foo ; emacs foo ;
> kadmin merge foo
> is a prefect good way to change your database.
>
> I guess this show that there is a real need for such a tool,
> there is a kadmin del_enctype, but no kadmin add_enctype.
>
> I make a commit that is diffrent, it uses the expliti list of keys
> instead of etype list,
> is that ok with you ?
So your patch is bad for the paranoid admin. If you don't want your
KDC to
support any other enctypes the best (currently), you can no longer
remove
all other enctypes and know that it still works.
So I make the KDC pick the clients best in that case and hope for the
best.
Love
More information about the samba-technical
mailing list