Environment variable for client flags?

Greg Hudson ghudson at mit.edu
Mon Jul 9 11:11:05 EDT 2018


On 07/07/2018 02:29 PM, John Devitofranceschi wrote:
> Has an environment variable for client flags ever been considered?
> 
> The specific use case I’m thinking about is a situation where a user may want to override a system-wide configuration without the overhead of managing their own KRB5_CONFIG file.

I don't think that idea has come up before.  The Kerberos development 
community has traditionally had some antipathy towards environment 
variables, although of course a number of them have been added over time.

You can currently specify multiple config files, like:

   KRB5_CONFIG=/path/to/my/config:/etc/krb5.conf

How overrides work in this construction isn't as well-defined as I would 
like, but for initial ticket options, relations defined in the first 
file should take precedence.

Although using <(printf "[libdefaults]\n forwardable=false\n") in the 
above construction might be convenient, it should be avoided for now 
because of http://krbdev.mit.edu/rt/Ticket/Display.html?id=8651 .


More information about the Kerberos mailing list