(Final?) krb5.Conf Lexer/Parser Proposal

Jeffrey Altman jaltman at MIT.EDU
Thu Jan 5 10:21:39 EST 2006

Theodore Ts'o wrote:
> It seems likely that the only platform that is likely to want to
> support chaining of configuration files is Unix, since it's there that
> you might want to have user home directories with user-specific config
> files that might override the system config file.  That semantic
> concept largely doesn't seem to exist on Windows or Macintosh, even
> with MacOS X, probably because they are fundamentally engineered to be
> single-user systems.

I have to disagree that the only platform that would want this is Unix.
For all of the configuration that is supported on Windows but stored in
the registry, there is already a very complex layering:

 * user specified values (in the User registry hive)

 * local machine values (in the Local Machine registry hive)

 * developer defaults (in the executable resources)

The user interface allows a user to only edit the User hive data.

The way I would view a chained profile is that the writes are only
allowed to be written to the first file in the chain.   Where the
user interfaces are lacking is in the ability to give the user the
choice of adding additional information to a section or replacing
a section entirely.

For example, if a user wants to remove one kdc from a realm section
which is inherited from a non-first profile, the profile library
must be smart enough to copy the entire section minus the one
entry to the first file and set the finalizer.

Any managed machines are going to what this level of functionality.

Jeffrey Altman

More information about the krbdev mailing list