[1193] in Kerberos_V5_Development
Re: krb5_db_entry and kadm5 info
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu May 16 11:57:01 1996
Date: Thu, 16 May 1996 11:56:48 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: sommerfeld@orchard.medford.ma.us
Cc: krbdev@MIT.EDU
In-Reply-To: <199605160113.BAA00586@orchard.medford.ma.us> (message from Bill Sommerfeld on Wed, 15 May 1996 21:13:13 -0400)
Having spoke with Marc and re-thought the purpose of the admin API, I
no longer intend to remove the tagged data from krb5_db_entry, or in
fact to make any substantial changes to libkdb at all. However, I'm
still going to respond to what I consider faulty reasoning in
everyone's arguments as to why I shouldn't have done so.
There are multiple reasons for retrieving info from the KDC database;
you may not want all of it at one time.
Yes, certainly true. With the current implementation, however, you
don't have a choice. krb5_db_entry contains a linked list of tagged
data, but you can only retrieve a db_entry with all of its tagged data
at once, or none at all. Furthermore, the API is not designed in a
way that individual retrieval can be implemented within the same
abstraction. Therefore, the tagged data is "unusable flexibility."
There are ways of structuring attribute fetches which aren't that
painful to deal with...
There are, but krb5 doesn't use them.
Barry
