Replacing master/slave terminology

Nate Coraor nate at bx.psu.edu
Wed Jun 10 17:26:56 EDT 2020


On Wed, Jun 10, 2020 at 5:04 PM Greg Hudson <ghudson at mit.edu> wrote:

> MIT krb5 switched to using "replica" for non-primary KDCs as of release
> 1.17.  This was an easy change technically, as the old term was only
> used in a user-visible way in documentation and in the name of one
> profile relation.  The pull request for that change was here:
> https://github.com/krb5/krb5/pull/851


Hi Greg,

This is fantastic and encouraging news, thanks! I'm not sure how I missed
this. If I can find the time I'll see if it'd be as simple for Heimdal, or
perhaps someone from the Heimdal side will chime in. In specific, iprop
uses "slave" even more prominently than kprop did, I believe.


> Replacing the term "master" is a larger technical challenge.  We use
> that term in a DNS SRV record label (_master_kdc), and migrating that
> would come with a cost in network traffic and latency.  Aside from the
> kprop architecture, we also use the term "master key" to describe the
> key used to encrypt long-term keys in the KDC database.
>

Technical considerations are certainly factors. I wonder if it'd be
reasonable to allow clients to specify a preference when performing the SRV
record lookup?

> I have rationalized to myself that the term "master" is the less
> problematic of the two terms, as it is used in a lot of different
> contexts (such as physical master keys, martial arts masters, master
> plumbers, and master recordings of records).  But I don't know if that
> rationalization is adequate; from recent discussion I know that git's
> use of "master" for the initial default branch name has become a point
> of contention.
>

I largely agree here, it's less problematic. I do think it'd be preferable
to refer to the "master" server as e.g. "primary", but master key seems
fine as it has an established unencumbered meaning.

Thanks,
--nate


More information about the Kerberos mailing list