[16702] in Kerberos-V5-bugs
[krbdev.mit.edu #8981] domain_realm documentation is still confusing
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Jan 25 11:00:12 2021
From: "Greg Hudson via RT" <rt@krbdev.mit.edu>
In-Reply-To: <BN6PR05MB3137AB67C9818AE94BBEDC4BAEBD9@BN6PR05MB3137.namprd05.prod.outlook.com>
Message-ID: <rt-4.4.4-111582-1611590363-201.8981-5-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #8981":;
Date: Mon, 25 Jan 2021 10:59:23 -0500
MIME-Version: 1.0
Reply-To: rt@krbdev.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8981 >
There was a historical disagreement between the code and the documentation for
[domain_realm]. In the code, a mapping for x.y always implied subdomains of x.y
as well as x.y itself, while the documentation originally claimed that it would
only apply to x.y. So, you can still find config fragments floating around in
our environment with a lot of redundant [domain_realm] entries (mit.edu and
.mit.edu, for instance).
In commit 8f5ce824012f2caab6770df464f096c38dc4cb2e (ticket 7960), we corrected
the example and wrote that "A host name relation implicitly provides the
corresponding domain name relation, unless an explicit domain name relation is
provided." But I can see how that's unclear; we're still introducing the wrong
concepts and then describing the code behavior as an afterthought. It might be
more correct to describe x.y relations as applying to a domain (including all
subdomains) and .x.y as applying only to subdomains of x.y.
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
