[Comment] [krbdev.mit.edu #9117] profile write operation interactions with multiple files
kenh@cmf.nrl.navy.mil via RT
rt-comment at kerborg-prod-app-1.mit.edu
Fri Apr 12 14:04:58 EDT 2024
http://kerborg-prod-app-1.mit.edu/rt/Ticket/Display.html?id=9117
This is a comment. It is not sent to the Requestor(s):
>If I got it right, the FreeRDP use case is to export a modified
>version of the tree where the list of KDC addresses for a given realm
>is replaced by another address. I believe the reason why they use such
>an approach is because of the "*" marker limitation for relations in
>subsections[2].
Even if the "*" finalization marker was supported for subsection relations,
I believe that only works across files specified in the search path.
E.g., a KRB5_CONFIG file that specified "/etc/krb5-1.conf:/etc/krb5-2.conf",
it would work finalize a section in krb5-1.conf. But files included
using the "include" directive don't count as separate files for
this purpose. Sadly this makes finalization much less useful.
--Ken
More information about the krb5-bugs
mailing list