Using a stub krb5.conf with "include"
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Dec 12 18:47:50 EST 2022
>The profile library has the concept of marking a section or subsection
>as "final", preventing further amendments to that section. But that
>concept does not apply to individual relations (although it was
>erroneously documented as applying to them prior to 1.17.1).
When I looked at the finalization support, I found that it had two
unexpected features:
1) The finalization support only works across files; in other words, if
you have KRB5_CONFIG=/etc/file1:/etc/file2, a finalized section in file1
suppresses the same section in file2. But it doesn't work if it's all
within file1.
2) An include statement in a krb5.conf file does NOT count as a new file for
the purposes of finalization.
If I am wrong about these things, I'd sure love a correction. Honestly,
I can't see a reason why a finalized section in a file just doesn't
suppress further sections, even within the same file.
--Ken
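The layout the message describes, sketched as an added illustration that is not part of the original post. The realm EXAMPLE.COM, the host names and the included path /etc/krb5.conf.d/site.conf are constructed, and the comments on cases 1 and 2 restate the behaviour as the message reports it rather than independently confirmed results.

```ini
# Environment: KRB5_CONFIG=/etc/file1:/etc/file2

# ---- /etc/file1 ----
# A '*' after the closing bracket marks the section as final.
[realms]*
    EXAMPLE.COM = {
        kdc = kdc1.example.com
    }

# Case 1 from the message: the same section appears again in the same file.
# As reported, the final marker above does not suppress this block.
[realms]
    EXAMPLE.COM = {
        kdc = kdc-samefile.example.com
    }

# Case 2 from the message: an include pulled in from file1.
# As reported, the included file does not count as a new file for
# finalization, so its [realms] section is not suppressed either.
include /etc/krb5.conf.d/site.conf

# ---- /etc/krb5.conf.d/site.conf (constructed path) ----
[realms]
    EXAMPLE.COM = {
        kdc = kdc-included.example.com
    }

# ---- /etc/file2 ----
# A later file in KRB5_CONFIG: this is the one case where the final
# [realms] section in file1 suppresses the section.
[realms]
    EXAMPLE.COM = {
        kdc = kdc-file2.example.com
    }
```

If the stub file is meant to pin security-relevant settings, only the cross-file case gives that guarantee under the behaviour described here, so site overrides would have to arrive as a separate KRB5_CONFIG entry rather than through include.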