You are viewing a plain text version of this content. The canonical link for it is here.

Posted to kerby@directory.apache.org by "Zheng, Kai" <ka...@intel.com> on 2015/12/01 07:53:02 UTC

RE: About TokenPreauth related configurations

Thanks Lin for making the change!

Regards,
Kai

-----Original Message-----
From: Lin Chen [mailto:linchen7@foxmail.com] 
Sent: Monday, November 30, 2015 7:18 PM
To: kerby <ke...@directory.apache.org>
Subject: Re: About TokenPreauth related configurations

I agreed. And I will make the refactor. Thanks~


Regards,
Lin




------------------ Original ------------------
From:  "zhengkai";<ka...@intel.com>;
Date:  Fri, Nov 20, 2015 00:06 AM
To:  "kerby@directory.apache.org"<ke...@directory.apache.org>; 

Subject:  About TokenPreauth related configurations



Hi,

I just noticed we had added the following listed configuration items in KDC side. I guess they're for the TokenPreauth mechanism.
    VERIFY_KEY(),
    DECRYPTION_KEY(),
ISSUERS();

It looks like they're too short or not clear in which domain in the global configuration namespace. I would change them to be something like follows.
    TOKEN_VERIFY_KEYS(),
    TOKEN_DECRYPTION_KEYS(),
TOKEN_ISSUERS();

I guess such change may affect you, so please be noted. Also let me know if you have any concern or suggestion. Thanks.

Regards,
Kai