[LON-CAPA-dev] Kerberos
Guy Albertelli II
lon-capa-dev@mail.lon-capa.org
Mon, 28 Oct 2002 01:31:01 -0500 (EST)
Hi Gerd,
> > My proposal:
> >
> > (1) I have added two variables: lonDefKrbVer and lonDefKrbDom to the
> > loncapa.conf (default version is either 4 or 5 and default domain
> > would be oak_cell for us)
> >
>
> Actually, while this would work, it is somewhat against the philosophy of the
> server network.
>
> The idea is that a person can log into any server in the network and (after
> maybe changing the domain on the very login screen) find the exact same
> environment.
>
> loncapa.conf is machine specific. I very much like your above entries, though,
> but I would suggest to add to hosts.tab, so that the information is available on
> all machines. Fields would be added to one of the entries for a machine out of
> ohiou, just like we currently do with the domain plaintext description. I would
> suggest to add the fields
>
> :krb5:oak_cell
>
> or for MSU
>
> :krb4:MSU
I have got to say this make me severally cringe.
Not that lonDefDomain makes me happier.
Currently if you login into machine in domain X with domain Y for
class in domain Z, and try to Enroll a student, when you click on the
Kerbersos option the kerberos info is based off of X
So currently it does ignore any suggestion of network transparency.
Additionally hosts.tab is only for specifying what a machine looks
like in the network. Throwing login information in there seems to be
growing its role in the system, and it is already hard enough to keep
that file updated for accuracy.
I would prefer a new .tab file in /home/httpd/lonTabs, maybe one for
each login type, specifying a domain's default login info
kereberos.tab:
msu:krb4:MSU.EDU
ohiou:krb5:oak_cell
Etc.
--
guy@albertelli.com BM: n^20 t20 z20 qS
Guy Albertelli -7-7-7- O-
Two? Na.