[536] in Kerberos
srvtab documentation
daemon@TELECOM.MIT.EDU (Jonathan I. Kamens)
Tue Nov 29 00:58:27 1988
From: Jonathan I. Kamens <jik@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU
I just had a discussion with Jon Rochlis about the documentation which
is available about keys which can be put into a srvtab file.
I say that there should be a Project Athena document which lists which
srvtab keys are required for each kerberos-authenticated service at
Project Athena. My reasons are as follows:
1. I don't think it's correct to assume that only operations and
watchmaker people who know what keys to use will be administering
machines with srvtab files.
2. Jon said that I can "grep through the sources" of whatever service
I am planning on using for krb_mk_req and krb_rd_req in order to
find out what keys I need. Well, that's just fine for me, since I
have source access. What about someone who doesn't have source
access? Also, I shouldn't have to search through all of the
sources just to find out what keys I need.
3. Providing such a document will make for less work for the net.god
people. People won't bug them with "what's the srvtab entry for
this?" questions, and people will know for sure what srvtab entries
they need and will therefore ask for fewer remakes of srvtab files.
4. Documentation, in general, is a good thing. Having srvtab keys
running around without any documentation is a bad thing.
5. Jon claims the list would be difficult to put together. I
disagree. The kerberos people *know* what services are using
kerberos. I don't think it would be that hard for them to write up
such a list, and things they miss will be pointed out and corrected
by Athena staff members.
6. Jon claims the list would be difficult to keep up-to-date. I
disagree for the reasons listed above. In addition, how often does
a new srvtab key come along?
7. When kerberos is shipped out, a list of which srvtab keys each
service shipped with kerberos requires will probably be a good
thing. Also, since many sites getting kerberos will get other
Athena software in addition to kerberos, it will help for them to
have the list I've described?
Comments? Objections? First drafts?
jik
