[Freeipa-users] Generation of /etc/krb5.conf file

Marc Boorshtein marc.boorshtein at tremolosecurity.com
Mon Dec 7 15:48:08 UTC 2015


>
> Looking into krb5/src/util/profile/prof_get.c, the code that supports
> 'yes'/'no' (y,yes,1,true,t,on and n,no,nil,off,false) was added in 2000
> with the commit 97971c69b9389be08b7e9ffb742ca35f3706b3af (it was CVS at
> the time but the commit is traceable via git after import from SVN).
>
> So I would say this is a documentation issue on MIT krb5 side rather than
> exception. Given that the code is supported for 15 years already,
> perhaps making JDK aware of it is a better idea?
>

While yes, it's clearly a documentation issue, I'd say it's probably worth
changing on the IPA side as it doesn't affect how IPA functions and
makes it easier for integrating applications that are built to those
docs.  I know I spent a couple of hours trying to figure out why I
wasn't generating forwardable TGTs on a box that is part of the domain
from an ipa client install vs a manually configured krb5.conf file.

Thanks
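
The mismatch discussed in this thread can be checked mechanically. The following is an added example, not code from the thread, FreeIPA or MIT krb5: it flags boolean krb5.conf relations that MIT's profile library accepts but that are not spelled `true`/`false`, and rewrites them. It assumes a strict consumer that only understands `true`/`false`; `BOOL_KEYS` is a subset chosen for illustration and `SAMPLE` is a constructed file.

```python
import re

# Spellings MIT krb5's profile library (prof_get.c) reads as booleans,
# compared case-insensitively. "0" is from the MIT source, not the thread.
MIT_TRUE = {"y", "yes", "true", "t", "1", "on"}
MIT_FALSE = {"n", "no", "false", "nil", "0", "off"}
# Subset of boolean krb5.conf relations; extend for your environment.
BOOL_KEYS = {"forwardable", "proxiable", "dns_lookup_realm",
             "dns_lookup_kdc", "rdns", "noaddresses", "allow_weak_crypto"}
RELATION = re.compile(r"^(\s*)([A-Za-z0-9_.-]+)(\s*=\s*)(\S+)\s*$")

# Constructed sample input (not taken from a real ipa-client install).
SAMPLE = """\
[libdefaults]
  default_realm = EXAMPLE.COM
  dns_lookup_realm = false
  dns_lookup_kdc = true
  rdns = false
  ticket_lifetime = 24h
  forwardable = yes
  # proxiable = on
[realms]
  EXAMPLE.COM = {
    kdc = kdc.example.com:88
  }
"""

def canonical(value):
    """Map an MIT boolean spelling to 'true'/'false'; None if not a boolean."""
    low = value.lower()
    return "true" if low in MIT_TRUE else "false" if low in MIT_FALSE else None

def audit(text):
    """Return (findings, rewritten_text); a finding is (line, section, key, value)."""
    findings, out, section = [], [], None
    for no, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1]
        # Comment lines are left untouched.
        m = None if stripped[:1] in ("#", ";") else RELATION.match(raw)
        if m and m.group(2) in BOOL_KEYS:
            want = canonical(m.group(4))
            if want is not None and m.group(4) != want:
                findings.append((no, section, m.group(2), m.group(4)))
                raw = m.group(1) + m.group(2) + m.group(3) + want
        out.append(raw)
    return findings, "\n".join(out) + "\n"

if __name__ == "__main__":
    print(audit(SAMPLE)[0])
```
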



