[16927] in Kerberos-V5-bugs
[Comment] [krbdev.mit.edu #9117] profile write operation interactions
daemon@ATHENA.MIT.EDU (kenh@cmf.nrl.navy.mil via RT)
Fri Apr 12 14:05:08 2024
From: "kenh@cmf.nrl.navy.mil via RT" <rt-comment@kerborg-prod-app-1.mit.edu>
In-Reply-To: <202404121804.43CI4t6i001968@hedwig.cmf.nrl.navy.mil>
Message-ID: <rt-4.4.3-2-1528742-1712945098-1035.9117-8-0@kerborg-prod-app-1.mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9117":;
Date: Fri, 12 Apr 2024 14:04:58 -0400
http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9117
This is a comment. It is not sent to the Requestor(s):
>If I got it right, the FreeRDP use case is to export a modified
>version of the tree where the list of KDC addresses for a given realm
>is replaced by another address. I believe the reason why they use such
>an approach is because of the "*" marker limitation for relations in
>subsections[2].
Even if the "*" finalization marker was supported for subsection relations,
I believe that only works across files specified in the search path.
E.g., with a KRB5_CONFIG file that specified "/etc/krb5-1.conf:/etc/krb5-2.conf",
it would work to finalize a section in krb5-1.conf. But files included
using the "include" directive don't count as separate files for
this purpose. Sadly this makes finalization much less useful.
--Ken
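
The behaviour described in the message above, as a simplified model added here as an example (it is not code from the krb5 source or from this thread). Assumptions: only flat relations in top-level sections are modelled, the helpers `parse` and `lookup` and the file names krb5-main.conf and krb5-extra.conf are hypothetical, and all file contents are constructed.

```python
# Simplified model of profile section finalization; not MIT krb5 source code.
# All file contents below are constructed sample data.
FILES = {
    "/etc/krb5-1.conf": "[libdefaults]*\n default_realm = EXAMPLE.COM\n",
    "/etc/krb5-2.conf": "[libdefaults]\n dns_lookup_kdc = true\n",
    # Hypothetical names: the same settings, but pulled in with "include".
    "/etc/krb5-main.conf": "[libdefaults]*\n default_realm = EXAMPLE.COM\n"
                           "include /etc/krb5-extra.conf\n",
    "/etc/krb5-extra.conf": "[libdefaults]\n dns_lookup_kdc = true\n",
}


def parse(name, files, tree=None):
    """Parse one search-path entry; included files merge into the SAME tree."""
    tree = {} if tree is None else tree
    section = None
    for raw in files[name].splitlines():
        line = raw.strip()
        if raw.startswith("include "):
            # Assumption from the message: an include is not a separate file.
            parse(raw.split(None, 1)[1], files, tree)
        elif line.startswith("["):
            sec_name, _, rest = line[1:].partition("]")
            section = tree.setdefault(sec_name, {"final": False, "relations": []})
            if rest.startswith("*"):
                section["final"] = True  # "*" after "]" marks the section final
        elif section is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            section["relations"].append((key, value))
    return tree


def lookup(search_path, files, section, key):
    """Collect values for key across a KRB5_CONFIG-style colon-separated path."""
    values = []
    for name in search_path.split(":"):
        node = parse(name, files).get(section)
        if node is None:
            continue
        values += [v for k, v in node["relations"] if k == key]
        if node["final"]:
            break  # a final section hides the same section in later path entries
    return values


if __name__ == "__main__":
    path = "/etc/krb5-1.conf:/etc/krb5-2.conf"
    print("separate files:", lookup(path, FILES, "libdefaults", "dns_lookup_kdc"))
    print("include:", lookup("/etc/krb5-main.conf", FILES, "libdefaults", "dns_lookup_kdc"))
```

In this model the finalized section in krb5-1.conf hides `dns_lookup_kdc` from krb5-2.conf, while the same setting arriving through an include is still visible.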