[1122] in Kerberos-V5-bugs
krb5b4pl3: KRB5ROOT, KDB5DIR, KRB5SRVTABDIR aren't sufficient
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Thu Mar 9 11:19:57 1995
From: "Jonathan I. Kamens" <jik@cam.ov.com>
Date: Thu, 9 Mar 1995 11:22:48 -0500
To: krb5-bugs@MIT.EDU
Right now, include/krb5/Makefile performs substitutions on the
variables KRB5ROOT, KDB5DIR and KRB5SRVTABDIR when creating osconf.h.
The lines in osconf.h that are affected by these substitutions are:
#define DEFAULT_CONFIG_FILENAME "@KRB5ROOT/krb.conf"
#define DEFAULT_TRANS_FILENAME "@KRB5ROOT/krb.realms"
#define DEFAULT_LNAME_FILENAME "@KRB5ROOT/aname"
#define DEFAULT_KEYTAB_NAME "FILE:@KRB5SRVTABDIR/v5srvtab"
#define DEFAULT_KDB_FILE "@KDB5DIR/principal"
#define DEFAULT_ADMIN_ACL "@KDB5DIR/admin_acl_file"
#define KRB5_PATH_LOGIN "@KRB5ROOT/sbin/login.krb5"
#define KRB5_PATH_RLOGIN "@KRB5ROOT/bin/rlogin"
#define KADM_SYSLOG "@KRB5ROOT/admin_server.syslog"
#define PW_CHECK_FILE "@KRB5ROOT/bad_passwd"
#define DEFAULT_ACL_DIR "@KDB5DIR"
I do not believe that these three variables are sufficient for many
sites; I think that another variable, KRB5CONFDIR, needs to be added.
In particular, sites which have used Kerberos in the past often put
their configuration files in /etc. In order to compile the new krb5
libraries properly without having to move all of their configuration
files, they would therefore have to set KRB5ROOT to /etc. However,
that will cause the built binaries to expect the Kerberos database to
bne in /etc rather than in /krb5, because KDB5DIR defaults to
KRB5ROOT. Furthermore, that will cause the krb5 login to be installed
as /etc/sbin/login.krb5, which is obviously wrong. You get the point.
I believe that you should add KRB5CONFDIR, allow it to be specified
when configure is run just as KRB5ROOT can be specified, and use it,
rather than KRB5ROOT, for DEFAULT_CONFIG_FILENAME,
DEFAULT_TRANS_FILENAME and DEFAULT_LNAME_FILENAME.
jik