[krbdev.mit.edu #8981] domain_realm documentation is still confusing
Greg Hudson via RT
rt at krbdev.mit.edu
Mon Jan 25 10:59:23 EST 2021
<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8981 >
There was a historical disagreement between the code and the documentation for
[domain_realm]. In the code, a mapping for x.y always implied subdomains of x.y
as well as x.y itself, while the documentation originally claimed that it would
only apply to x.y. So, you can still find config fragments floating around in
our environment with a lot of redundant [domain_realm] entries (mit.edu and
.mit.edu, for instance).
In commit 8f5ce824012f2caab6770df464f096c38dc4cb2e (ticket 7960), we corrected
the example and wrote that "A host name relation implicitly provides the
corresponding domain name relation, unless an explicit domain name relation is
provided." But I can see how that's unclear; we're still introducing the wrong
concepts and then describing the code behavior as an afterthought. It might be
more correct to describe x.y relations as applying to a domain (including all
subdomains) and .x.y as applying only to subdomains of x.y.
More information about the krb5-bugs
mailing list