[1338] in Kerberos_V5_Development
Re: kadm5 api, krb5_tl_data, type number assignment
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Wed Jun 19 22:16:05 1996
Date: Wed, 19 Jun 1996 22:15:59 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: krbdev@MIT.EDU
In-Reply-To: Barry Jaspan's message of Tue, 18 Jun 1996 15:35:29 -0400,
<9606181935.AA07387@DUN-DUN-NOODLES.MIT.EDU>
   Date: Tue, 18 Jun 1996 15:35:29 -0400
   From: "Barry Jaspan" <bjaspan@MIT.EDU>

   2. The fact that we'd have to create a completely parallel data
   structure and suite of functions just to avoid using something from
   libkdb elsewhere in krb5 indicates that perhaps the first set
   shouldn't be in libkdb in the first place. Thus, option 2 is to
   remove the krb5_tl_data routines from libkdb, put them somewhere more
   general (libkrb5, libkrb5util, whatever), and have kadm5 use
   krb5_tl_data directly.

   3. Admit to ourselves that what the kadm5 is really doing is
   exporting a low-level feature of libkdb directly to callers and,
   therefore, not get too upset with the fact that it is also exposing
   the underlying data structure to do it rather than inventing a
   duplicate that would serve no additional purpose. Option 3 is
   therefore do nothing, leave it the way it is. The big disadvantage
   here is that it means kadm5 rpc clients (programs that do not run on
   the kdc) have to link against libkdb to get the krb5_tl_data routines.

   Given these three, I'd say the mental attitude of 3 and the action of
   2 are the correct choice.

This does seem to be the best of a bad situation, yes. I'd suggest
dumping it in libkrb5util. I'm a bit concerned that libkrb5util is
turning into a dumping ground, but libkrb5 doesn't seem to be the right
place for it, either.

   On a separate but related topic, Marc has made the following
   suggestion for the name space of krb5_tl_data tl_data_type values:

       0 <= x < 256            reserved for internal use MIT
       256 <= x < 32768        should only be used if registered with MIT
       32768 <= x < 65536      application-defined

Application-defined makes no sense; I assume you mean "site-defined"?
- Ted