[1670] in Kerberos_V5_Development
Re: Propsal: Add krb5_get_profile...
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Aug 29 18:28:16 1996
Date: Thu, 29 Aug 1996 18:28:10 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Marc Horowitz <marc@MIT.EDU>
Cc: epeisach@MIT.EDU, krbcore@MIT.EDU
In-Reply-To: Marc Horowitz's message of Thu, 29 Aug 1996 13:56:54 EDT,
<9608291756.AA19270@DUN-DUN-NOODLES.MIT.EDU>
Date: Thu, 29 Aug 1996 13:56:54 EDT
From: Marc Horowitz <marc@MIT.EDU>
I think that krb5.conf should be the config file for the krb5
library/system. Application configuration information should go in an
application configuration file. The krb5.conf profile information
should remain internal to the library, or accessible only by specific
api calls like krb5_default_realm().
I think I have to agree with Marc, in terms of the original intent of
krb5.conf being for krb5 library/system. I'm not quite as against the
idea of making the profile information accessible outside the library,
and I'm not against the idea of designing an generic interface and
having a profile stanza for things like "forward tickets" or
"encryption" which would be application-independent options which apply
to many Kerberos applications.
But applications will probably want their own configuration file if they
want to be able to override the generic krb5.conf defaults, and if the
application configuration is specific to the application, it really
should go to a separate profile file.
- Ted
