[LON-CAPA-dev] Kerberos

[Mark Lucas]

Hi-

	I've got some questions about desirable default behavior for 
kerberos.

	We are using kerberos 5. We also have a lowercase default domain
(oak_cell).

	The default behavior is to choose kerberos4 and to build a default 
domain (capitalized) out of the server name. Doesn't work well for me.

	The goal, of course, is to have the instructors not have to think 
about it at all. The proper default version for a site (say 5 and 
oak_cell) should not change.

	My proposal:

(1) I have added two variables: lonDefKrbVer and lonDefKrbDom to the
    loncapa.conf (default version is either 4 or 5 and default domain
    would be oak_cell for us)

(2) The version is checked accordig the default. If no default, then
    it is selected as 4.

(3) The default domain overrides the IPname derived default domain

(4) I would place a common routine in loncommon that returns the
    default kerberos domain.

(5) I want a mechanism to turn off the auto-capitalization. Should
    this be turned off by default now? Especially with the ability to
    hand set the domain appropriate default?

Suggestions? I have about half of this implemented. Let me know if I 
should go in a different direction.

About Kerberos, how common are the defaults? (as per capitalization, etc.)
(I was handed the oak_cell default domain by our central computer people - 
Is there a way to set an alias for this? For example, OHIOU.EDU)

					Thanks!
					     Mark
----------------------------------------------------------------------------
Mark Lucas					email: lucasm@ohiou.edu
252D Clippinger Lab  				phone: (740)597-2984
Department of Physics and Astronomy             fax:   (740)593-0433
Ohio University
Athens, OH 45701