[1632] in Kerberos_V5_Development
kadm5_get_config_params vs. krb5_read_realm_params
daemon@ATHENA.MIT.EDU (epeisach@MIT.EDU)
Sat Aug 24 19:19:16 1996
From: epeisach@MIT.EDU
Date: Sat, 24 Aug 1996 19:19:12 -0400
To: krbcore@MIT.EDU
Anyone who has eve looked at kadm5/alt_prof.c will see that there is
alot of redundant code.
krb5_read_realm_params was the old way or parsing the kdc.conf file
while kadm5_get_config_params was the design for a cleaner interface
which the new admin system is using. Currently, the only code that uses
krb5_read_realm_params is krb5kdc.
To make matters worse, kadm5/admin.h and include/krb5/adm.h both declare
the structure for krb5_realm_params - and heaven help us if they ever
get out of sync. (not to mention krb5_key_salt_tuple as well).
This is probably because old code would include adm.h, while new code
includes kadmin/admin.h.
So what does each of these two functions look for?
Essentially the same parameters, except kadm5_get_config_params has some
extra field (like admin_database_name) and is lacking "kdc_ports".
Proposal:
a) Add the missing kdc_ports to kadm5_get_config_params.
b) Modify krb5kdc to use kadm5_get_config_params.
c) Remove krb5_realm_params
d) krb5/adm.h remove krb5_realm_params as only use in tree will be gone.
e) Leve the key_salt_tuple multiple dclarations as is for further
investigation.
(c) might cause some controversy - but do we really want to support this
old code forever?
(e) There is some old cruft in include/krb5/... which really needs to be
cleaned up sometime. I want to limit the scope. For instance, the
key_salt_tuple declaration from include/krb5/adm.h is needed throughout
the tree includeing lib/kdb. I think include/krb5/adm.h is the wrong
place as it has declarations for the old kadm system - which are still
in use thoughout the tree - the Mac and DOS platforms still depend on
lib/kadm - not lib/kadm5.
So - do people think this is the right thing to do?
ezra
