[1530] in Kerberos-V5-bugs
Re: krb5.b5 buglet: krb5.conf not affected by --with-krb5-root ?
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Jul 6 11:23:28 1995
Date: Thu, 6 Jul 1995 11:23:19 +0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: "[1529] in Kerberos-V5-bugs"
Date: Thu, 6 Jul 1995 06:26:10 -0700
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
It may be a deliberate `feature' that @KRB5ROOT (set from --with-krb5-root)
doesn't affect krb5.conf, but I find it confusing and easy to forget;
so I'd tend to call it a bug.
Is this deliberate behaviour (perhaps even with a well-thought-out
rationale) or just an accident?
The fact that /etc/krb5.conf is always located in one place was
carefully thought out. It makes life much less confusing if all
Kerberos implementations look in the same place for the configuration
file.
KRB5ROOT as a concept is disappearing, however. We're now using the
configure standard argument of --prefix and --exec-prefix to determine
where the binaries and the data files are stored. This should result in
a much more coherent filesystem hierarchy, which actually conforms to
most filesystem standards.
The basic idea is that once you can read /etc/krb5.conf, all other
pathnames can be configured from that one file. In other words
/etc/krb5.conf will act as a the only "fixed point"; everything else
will be easily reconfigured (and located) by referring to that one file.
There will likely be defaults configured into the code in case
/etc/krb5.conf doesn't specify some specific file, but the general idea
is to reduce the number of hardcoded pathnames in the Kerberos library
to an absolute minimum.
- Ted
