(Final?) krb5.Conf Lexer/Parser Proposal
Theodore Ts'o
tytso at MIT.EDU
Fri Jan 6 16:49:25 EST 2006
On Fri, Jan 06, 2006 at 04:16:03PM -0500, Alexandra Ellwood wrote:
> Support folks for the Mac are already used to asking for the user's
> config files in three different locations, and at least so far users
> have been good about returning all the files. And yes, several times
> we've gotten more than one file back in an Apple bug report with a
> user config file adding the realm that causes the failure and setting
> default_realm to it.
Sounds like a useful thing to do would be to create a small tool which
takes all of the config files and integrates them all into an
"equivalent single config file", either for the user's edification or
for sending to support folks....
I think that would solve the concerns about support.
> Obviously that's a contrived example. My real point is that the
> final signifier '*' syntax is difficult to see in a large config file
> and difficult to figure out what it does. If we decide we want to
> preserve the final signifier mechanism I would argue we need a more
> noticeable and self-descriptive syntax for it. The current syntax is
> more appropriate for a machine-generated config file with a GUI front-
> end that displays what is going on in a clear and obvious manner.
Granted, it could be better. Would something like this more fit the bill?
["top-level section] final
ticket_lifetime = 36000
[realms]
ATHENA.MIT.EDU = final {
kdc = KERBEROS-2.MIT.EDU:88
admin_server = KERBEROS-2.MIT.EDU
}
- Ted
More information about the krbdev
mailing list