[4936] in testers
ktutil
daemon@ATHENA.MIT.EDU (Mitchell E Berger)
Mon Jul 2 21:24:40 2001
Message-Id: <200107030124.VAA20452@byte-me.mit.edu>
To: testers@MIT.EDU
Date: Mon, 02 Jul 2001 21:24:37 -0400
From: Mitchell E Berger <mitchb@MIT.EDU>
I haven't heard anything about this in quite a while, though there were
initially several suggestions on how to fix it. The five I'm aware of are:
1) Remove the Sun Kerberos binaries
2) Move our ktutil (and possibly others) from /usr/athena/etc to /usr/athena/bin
3) Change /usr/athena/etc to come before /usr/bin in the default path
4) Set KRB5_CONFIG (or whatever the correct name is)
5) Link /etc/krb5/krb5.conf to /etc/krb5.conf
Bob suggested that I investigate which package Sun installs their Kerberos
binaries as a part of so we could consider removing it. I have done so, and
it seems that Sun considers ktutil to be of equal importance to such favorites
as cat, chmod, and cp, as their Kerberos binaries are part of the package
SUNWcsu (the /usr core Solaris package). Thus removing the package, and
choice #1 above (unless someone wants to create a real hack) aren't viable
options.
I worry that #3 might affect something other than Kerberos, and Bob has
pointed out that putting /usr/athena/etc earlier in the path would cause a
slight performance degradation, so this probably isn't the right choice
either.
Setting an environment variable, though I believe it will work, doesn't sound
ideal to me because it seems more like a per-user than a per-machine solution.
If we don't care about whether we're running our own binaries, then #2 and #5
seem about the same, however, running some of our own binaries and some of
another vendor's binaries for the same package (i.e. Kerberos) seems wrong
and will cause an updated ktutil that we install not to be the one that's used.
If anyone else would like to take a stab at the answer, that'd be great, but
since nobody has yet decided to endorse one of the possibilities, I'd advocate
moving ktutil (possibly with our other Kerberos /usr/athena/etc binaries) to
/usr/athena/bin. I think it's important that we do something about this since
it will bite just about anyone that tries to run ktutil, and the reason for
its failure will not be at all obvious.
Mitch
