[38280] in Kerberos
Re: Environment variable for client flags?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 9 11:11:22 2018
To: John Devitofranceschi <jdvf@optonline.net>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <a1f5df13-4ffa-2855-5b21-36db534d8a8d@mit.edu>
Date: Mon, 9 Jul 2018 11:11:05 -0400
MIME-Version: 1.0
In-Reply-To: <631B0F22-7025-4E58-A3FD-FB11A407D99E@optonline.net>
Content-Language: en-US
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On 07/07/2018 02:29 PM, John Devitofranceschi wrote:
> Has an environment variable for client flags ever been considered?
>
> The specific use case I’m thinking about is a situation where a user may want to override a system-wide configuration without the overhead of managing their own KRB5_CONFIG file.
I don't think that idea has come up before. The Kerberos development
community has traditionally had some antipathy towards environment
variables, although of course a number of them have been added over time.
You can currently specify multiple config files, like:
KRB5_CONFIG=/path/to/my/config:/etc/krb5.conf
How overrides work in this construction isn't as well-defined as I would
like, but for initial ticket options, relations defined in the first
file should take precedence.
Although using <(printf "[libdefaults]\n forwardable=false\n") in the
above construction might be convenient, it should be avoided for now
because of http://krbdev.mit.edu/rt/Ticket/Display.html?id=8651 .
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
