[39163] in Kerberos
Re: Using a stub krb5.conf with "include"
daemon@ATHENA.MIT.EDU (Ken Hornstein via Kerberos)
Mon Dec 12 18:53:42 2022
Message-ID: <202212122347.2BCNlpIN026623@hedwig.cmf.nrl.navy.mil>
To: Kerberos@mit.edu
In-Reply-To: <9722a777-4a57-b242-0994-6eaa589fa1e6@mit.edu>
MIME-Version: 1.0
Date: Mon, 12 Dec 2022 18:47:50 -0500
From: Ken Hornstein via Kerberos <kerberos@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
>The profile library has the concept of marking a section or subsection
>as "final", preventing further amendments to that section. But that
>concept does not apply to individual relations (although it was
>erroneously documented as applying to them prior to 1.17.1).
When I looked at the finalization support, I found that it had two
unexpected features:
1) The finalization support only works across files; in other words, if
you have KRB5_CONFIG=/etc/file1:/etc/file2, a finalized section in file1
suppresses the same section in file2. But it doesn't work if it's all
within file1.
2) An include statement in a krb5.conf file does NOT count as a new file for
the purposes of finalization.
If I am wrong about these things, I'd sure love a correction. Honestly,
I can't see a reason why a finalized section in a file just doesn't
suppress further sections, even within the same file.
--Ken
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
