[16273] in Kerberos_V5_Development
Re: Project Review: kinit -C
daemon@ATHENA.MIT.EDU (Will Fiveash)
Tue Sep 14 20:14:08 2010
Date: Tue, 14 Sep 2010 19:13:29 -0500
From: Will Fiveash <will.fiveash@oracle.com>
To: Sam Hartman <hartmans@mit.edu>
Message-ID: <20100915001329.GB3661@sun.com>
Mail-Followup-To: Sam Hartman <hartmans@mit.edu>,
Simo Sorce <ssorce@redhat.com>, krbdev@mit.edu,
Tom Yu <tlyu@mit.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <tsllj74m41l.fsf@live.mit.edu>
Cc: Tom Yu <tlyu@mit.edu>, krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Tue, Sep 14, 2010 at 05:03:02PM -0400, Sam Hartman wrote:
> >>>>> "Simo" == Simo Sorce <ssorce@redhat.com> writes:
>
> Simo> On Tue, 14 Sep 2010 14:54:35 -0400
> Simo> Sam Hartman <hartmans@MIT.EDU> wrote:
>
> > >>>>> "Tom" == Tom Yu <tlyu@MIT.EDU> writes:
> >>
> Tom> Sam Hartman <hartmans@MIT.EDU> writes:
> >> >> As a result, kinit will link against libkdb5 and libkadm5srv.
> >>
> Tom> I would prefer that this be a build-time option, so that
> Tom> software packagers have more flexibility about whether the
> Tom> kinit binary needs to have the KDC libraries installed.
> Tom> Alternatively, build two versions, kinit and kinit.local, only
> Tom> the latter of which depends on the KDC libraries.
> >>
> >> I'd like to push back on this and ask for someone to step forward
> >> and say that's a problem for their packaging first before we make
> >> the change.
>
> Simo> Unless you want to force people to install libkdb5 and
> Simo> libkadm5srv on every client it looks like it is going to be an
> Simo> issue. That is, unless you explicitly dlopen() these libraries
> Simo> therefore not making them a strong dependency and breaking
> Simo> only the impersonation functionality if they are not
> Simo> available.
>
> Right. I was going to recommend installing libkdb5 and libkadm5srv
> everywhere. Personally, I don't see a problem with that with my Debian
> hat on, but if other packagers do, then we can look at approaches.
This would cause packaging changes for Solaris. Given this must run on
the KDC, maybe it should be a separate utility, or a modification to
kadmin.local?
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
