[2078] in Kerberos_V5_Development
Re: v5srvtab vs krb5.keytab
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Dec 5 21:50:03 1996
Date: Thu, 5 Dec 1996 21:49:37 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krbdev@MIT.EDU
Cc: Ken Hornstein <kenh@cmf.nrl.navy.mil>, Paul A Vixie <paul@vix.com>
Cc: Doug Engert <deengert@anl.gov>, Andrew Hobson <ahobson@mindspring.com>
Cc: Dave McGuire <mcguire@neurotica.com>, Joe Gross <jgross@uiuc.edu>
In-Reply-To: Ken Hornstein's message of Thu, 05 Dec 1996 17:31:19 -0500,
<199612052231.RAA19010@ginger.cmf.nrl.navy.mil>
Date: Thu, 05 Dec 1996 17:31:19 -0500
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
I just noticed that kadmin still defaults to using "/etc/v5srvtab" as
the keytab name, instead of krb5.keytab. Probably not serious since
the user can supply the keytab name on the command line, but it took
me by surprise.
We've decided that this is worth doing a thaw, because this defaulting
in the kadmin CLI will cause a large amount of confusion, even if it can
be worked around by users. It also turns out that a number of man pages
also need to be updated to fix the usage of /etc/v5srvtab, so we're
going to fix those while we're at it.
The next result of this is that we're going to push back the Kerberos
1.0 release to December 17th (i.e., after the IETF.) By tomorrow, I
will be cutting a new 1.0 candidate release, and we will be asking the
builders of binary distributions to grab the new release when it is
ready, and build the new release.
The change of /etc/v5srvtab to /etc/krb5.keytab was a change made at the
last minute, in the hopes that new-comers to Kerberos V5 find the name
much less confusing (it makes sense only if you're familiar with
Kerberos V4). Unfortunately, there are risks associated with making a
change this close to the code freeze, and we paid the price for taking
this release by needing to push back the release date.
Nevertheless, we'll be able to make the release before the end of 1996,
which was an important goal. Fortunately, the schedule had room for one
or two release slips without sacrificing that goal. My thanks to all of
the people who've spent time building the first 1.0 candidate release,
and my special thanks to Ken Horstein for catching this problem before
the release went out. The eventual 1.0 release will be much better as a
result.
- Ted
P.S. I was rather disappointed that I wouldn't be able to announce the
Kerberos V5 1.0 release at the IETF, but sometimes these things just
don't work out.
