[1466] in Kerberos_V5_Development
Re: Beta 7 release not happening today
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Aug 1 17:06:18 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: tytso@MIT.EDU, krbcore@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 01 Aug 1996 17:05:52 -0400
In-Reply-To: "Barry Jaspan"'s message of Thu, 1 Aug 1996 15:54:47 -0400

>>>>> "bjaspan" == "Barry Jaspan" <bjaspan@MIT.EDU> writes:

bjaspan> * kdb5_util has a lousy user interface; some commands use the
bjaspan> -d on the command line. Other commands require that
bjaspan> ignore the -d on the command line, and use the -d on the
bjaspan> ss subcommand line.
bjaspan>
bjaspan> You're right, it is pretty confusing. The sub-commands that take -d
bjaspan> are load_db and load_v4_db. My thinking was that you rarely wanted to
bjaspan> load a database on top of another one that already exists (in fact the
bjaspan> code will fail when you try this, which may also be a bug).
bjaspan> Generally, you want to run "load file foo into database bar." But
bjaspan> this does contradict the overall paradigm of specifying the one
bjaspan> database name for the program's invocation on the command line. Hmmm,
bjaspan> I'll have to think about it more.

What? The normal case of loading a database is when a
database is pushed to a slave server. In this case, you do generally
want to load over principal, don't you? Also, when I manually push a
database or restore from a backup, if I know the dump is good, I will
generally overwrite my active database.

This brings me to another point. We should test to make sure that Beta 7 works with a slave server.

bjaspan> (Why isn't there a sensible default for this, anyway?)
bjaspan>
bjaspan> The only "sensible" default acl I can think of for the admin server is
bjaspan> the empty acl, which allows everyone to retrieve their own principal
bjaspan> and policy record and change their own password. I suppose you could
bjaspan> argue this is "useful", but it doesn't allow any administrator to do
bjaspan> anything, which is after all the purpose of the kadm5 system. Thus, I
bjaspan> don't think it is "sensible." Some acl entries will be required, so a
bjaspan> default acl is not necessary.

However, there is a reasonable default for the ACL file ($prefix/lib/krb5kdc/acl) or something like that.

bjaspan> * kadmin/kadmind should be run under purify, if this hasn't been
bjaspan> done already
bjaspan>
bjaspan> I have run the server-side API unit tests under Purify, and run the
bjaspan> client-side API unit tests against a server which was under Purify. I
bjaspan> fixed all errors and *most* memory leaks; when I was done, the most
bjaspan> substantial memory leaks were in libkdb.a, and I sent bug reports
bjaspan> about them.
bjaspan>
bjaspan> Barry