[1199] in Kerberos_V5_Development
New KADM5 API spec
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Thu May 16 15:47:27 1996
Date: Thu, 16 May 96 15:47:11 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: krbdev@MIT.EDU, jik@cam.ov.com
I have recovered from my temporary dementia of yesterday afternoon in
which I was overcome with a desire to rewrite the entire Kerberos
database system. I now have drafted changes to the KADM5 API,
creating KADM5_API_VERSION_2, that are coherent, small, and sufficient
to support Kerberos' current functionality. The new version of the
document lives in /mit/krbdev/doc/specs/admin/lib/api-funcspec.tex.
The file cb-funcspex.{dvi,PS} in that directory have the same content
but with changebars highlighting the version 2 changes; note however
that LaTeX changebars are less than perfect. The changes are not
complete, but they communicate all of the essential details (and many
more) of the version 2 changes.
Please review the API and changes and comment on them. Kerberos is
presumably going to live with this admin api for a while, now is your
best chance to affect it. :-)
As for the database interface issues I was discussing yesterday: after
conversation and thought, I decided that the kadm5 api should keep its
basic design of exporting and operating on a "principal structure"
that is not the same as the database structure, even though it
contains essentially the same data (and the same field names). The
database may be record-based, or it may contain a stream of tagged
data, or it may even contain a gross hybrid of the two (ahem); but the
admin application programmer shouldn't care. The kadm5 api should
present an interface that allows admin applications to get their job
done with as little fuss as possible; therefore, it defines its own
interface that is sensible for this api, and the library takes care of
conversions to underlying structures.
Barry
