directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Enrique Rodriguez <erodrig...@apache.org>
Subject Re: I'd like to start helping out here
Date Tue, 23 Nov 2004 21:28:14 GMT
Berin Loritsch wrote:
> Enrique Rodriguez wrote:
>> Berin Loritsch wrote:
>> Detection of both of these scenarios should be encapsulated in the 
>> Kerberos ProtocolProvider, but with denial performed as close to the 
>> wire as possible.
>>
>> Additionally, Kerberos admins should be able to clear denied Clients 
>> via management interface, so there should be a way to notify of a 
>> cleared address, too.  This usually happens due to misconfigured clients.
>>
> I personally would start with a windowed blackout time.

Sounds good.  I agree a windowed blackout time should be default.  The 
misconfiguration scenario I describe is a special case, when an admin 
setting up a client makes a mistake and it is specific to configuring 
Kerberos.  Waiting 20 minutes would be a huge inconvenience and 
restarting the services may not be acceptable.

-enrique


Mime
View raw message