[16110] in Kerberos_V5_Development
Re: Profile include support
daemon@ATHENA.MIT.EDU (Nicolas Williams)
Mon Aug 23 14:51:43 2010
Date: Mon, 23 Aug 2010 13:51:31 -0500
From: Nicolas Williams <Nicolas.Williams@oracle.com>
To: ghudson@mit.edu
Message-ID: <20100823185128.GO5217@oracle.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <201008231503.o7NF3wYg014782@outgoing.mit.edu>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Mon, Aug 23, 2010 at 11:03:58AM -0400, ghudson@MIT.EDU wrote:
> * The syntax "include PATTERN" is simple and clear, but may not be
> optimal. It could break existing profile files which contain an
> "initial comment" (any text before the first line beginning with
> '[') with a line which happens to begin with "include". Also, adding
> an include directive anywhere other than the beginning of a
> krb5.conf file would cause earlier versions of krb5 to generate a
> syntax error. Other syntax options include:
> - Masquerade as a comment: #include PATTERN
> - Masquerade as a section: [include PATTERN]
> - Distinctive punctuation: @include PATTERN
Or:
include = PATTERN
in [libdefaults], with multiple instances allowed.
I prefer this because it seems friendliest to existing parsers. OTOH,
it doesn't appear to be anything like a directive.
> * Nothing in the design prevents include directives containing
> relative paths or patterns. Such an include directive would have
> unpredictable effects since the current working directory would be
> different for different invocations of the krb5 library. Should the
> profile library protect the administrator by restricting include
> directives to absolute paths? If so, how should it portably
> recognize an absolute path?
Paths should definitely be absolute, or relative to /, not to the
current directory of the running process.
> * Should an include directive ever result in a fatal error? Possible
> error cases include:
All should be optional or all should be required. If you want some
optional and some required then please have two directives ('include'
and 'require').
Nico
--
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
