[37870] in Kerberos
Re: krb5.conf vs krb5.d/*.conf designs...
daemon@ATHENA.MIT.EDU (Charles Hedrick)
Fri Feb 24 10:50:08 2017
From: Charles Hedrick <hedrick@rutgers.edu>
To: Keith Jones <K.E.Jones@brighton.ac.uk>
Date: Fri, 24 Feb 2017 15:49:39 +0000
Message-ID: <6F264741-D2E0-430D-9DE1-1BE1368F360F@rutgers.edu>
In-Reply-To: <0ECF655AB2C4F94F948451D7FABFF9F301414D437C@ALUDRA.university.brighton.ac.uk>
Content-Language: en-US
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Redhat IPA installations already do that. You don’t need any new features. Just start /etc/krb5.conf with
includedir /etc/krb5.conf.d/
On Feb 23, 2017, at 4:37 PM, Keith Jones <K.E.Jones@brighton.ac.uk<mailto:K.E.Jones@brighton.ac.uk>> wrote:
Hiya,
My apologies for the newbie (and deeply naïve!) question but I've just joined the list because I can't find the google words to check if this has been discussed or explained to an idiot like me! :-).
Many distros (and packages) use a gently scaling concept where a system has a root "/etc/xxx,conf" file and then supports a "/etc/xxx.d/ " directory which contains multiple .conf files that are processed in traditional filename order (including paths directly seems to be going out of fashion). As Kerberos is security sensitive, I can imagine it might not be a very cool thing to support the "clobbering of settings" idea on any level, but it is rather flexible idea in real life to have config settings split into separate files and have things broken down into "override" global settings nicely.
Are there any feature request conversations going about supporting a krb5.d/ directory?
Regards,
Keith
___________________________________________________________
This email has been scanned by MessageLabs' Email Security System
on behalf of the University of Brighton. For more information see:
https://staff.brighton.ac.uk/is/computing/Pages/Email/spam.aspx
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
