[1459] in Kerberos_V5_Development
proposal: db support in aname_to_localname going away
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Aug 1 14:09:28 1996
Date: Thu, 1 Aug 1996 14:09:09 -0400
From: Sam Hartman <hartmans@MIT.EDU>
To: krbdev@MIT.EDU
The dependence of libkrb5.a on libdb.a has caused problems for
us over the past few months whenever we deal with shared libraries or
the database stuff.
Also, I contend that the db support in aname_to_localname
doesn't really buy you much for the following two reasons:
* There is already code in the aname_to_localname to look for
exceptions to rules directly in krb5.conf. If someone has enough
exceptions to their aname_to_localname rules that they can justify the
speed of a database lookup over the simplicity of a linear search of
krb5.conf, they have a unusual enough situation that it's reasonable
to expect them to do some work on their own.
* The rule mechanism is fairly general and is likely to be sufficient
for most uses.
If people really think that the database support needs to stay
in krb5_aname_to_localname, I need to take drastic steps to get Linux
shared libraries working again. I can either:
* Modify the db build process to generate a shared libdb.a
* Modify the db build process to generate PIC object files in addition
to non-PIC object files and merge these into the shared libkrb5.so
* Expect all applications to link in most of libdb.a statically. Note
that the symbols actually will get pulled into the application because
they are referenced in libkrb5.so.
--Sam
