[cups.general] Strange kerberos problem [solved]
Brandon S. Allbery KF8NH
allbery at ece.cmu.edu
Tue Jan 29 11:41:08 PST 2008
On Jan 29, 2008, at 14:25 , Michael Sweet wrote:
> Microsoft seems to love creating huge credentials - any non-Windows
> KDC is able to keep the credentials under 2k, even with large
> numbers of groups...
Non-Microsoft Kerberos doesn't do groups, or anything else beyond
straight authentication (not authorization!) and a free session key.
I think IBM/HP/DEC's DCE was the only thing other than Active
Directory to use the private use area in krb5 tickets, and its use
was minimal.
That said, the standard does have the private use area and it's not
inconceivable that other things will use it in the future. And Samba
4 integrates with the Heimdal krb5 implementation to provide Active
Directory support, so even Unix KDCs may well produce large tickets
in the near future.
--
brandon s. allbery [solaris,freebsd,perl,pugs,haskell] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH
More information about the cups
mailing list