[cups.general] Strange kerberos problem [solved]
Michael Sweet
mike at easysw.com
Tue Jan 29 14:12:35 PST 2008
Brandon S. Allbery KF8NH wrote:
>
> On Jan 29, 2008, at 14:25 , Michael Sweet wrote:
>
>> Microsoft seems to love creating huge credentials - any non-Windows
>> KDC is able to keep the credentials under 2k, even with large
>> numbers of groups...
>
> Non-Microsoft Kerberos doesn't do groups, or anything else beyond
> straight authentication (not authorization!) and a free session key. I
> think IBM/HP/DEC's DCE was the only thing other than Active Directory to
> use the private use area in krb5 tickets, and its use was minimal.
Um, I'm pretty sure that standard MIT Kerberos + LDAP provides
groups, without bloating credentials. Anyways, I've updated the
code to support credentials up to 64k in size.
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
More information about the cups
mailing list