kclient version 2 [PSARC/2007/401 FastTrack timeout 07/13/2007]
Shawn M. Emery
Shawn.Emery at sun.com
Sun Jul 8 22:21:47 PDT 2007
James Carlson wrote:
> Wyllys Ingersoll writes:
>
>> -t: configure a simple broadcast/multicast NTP client
>>
>
> Why is this part of kclient? Though having a tool to administer NTP
> clients would probably be helpful (and having it tied into something
> like DHCP and thus automatic would be much more helpful still), it
> seems out of place here.
>
As Roland, et. al., have mentioned, the Kerberos client could fail to
authenticate given clock skew with KDCs. So there is a dependency and
the administrator may not have control over the network's DHCP servers.
>> -T kdc_vendor: specify the KDC of the client to be of kdc_vendor. Supported
>> vendors are currently:
>> ms_ad: Microsoft Active Directory
>> mit: MIT KDC server
>> heimdal: Heimdal KDC server
>> shishi: Shishi KDC server
>>
>
> Why does the user have to specify this? Is there no way for the
> client implementation to detect the proper KDC variant to use?
>
There is no standard to detect the version of the administrative
interface. As Roland mentions having an option would provide a more
deterministic way using the right interface. For example, one protocol
may work with a number of vendors, but another protocol may work more
affectively.
Shawn.
--
More information about the opensolaris-arc
mailing list