(Final?) krb5.Conf Lexer/Parser Proposal

Jeffrey Altman jaltman at MIT.EDU
Fri Jan 6 17:07:28 EST 2006

One of the problems that the OpenAFS community has faced with the
CellServDB file distribution is that there has been no method for
a system administrator to install a public configuration file and
update it to include local modifications without altering the
contents of the public file.  This has caused significant problems
with keeping CellServDB files up to date in an automated manner
as there is no algorithm that can be used to synchronize a locally
installed CellServDB file and one distributed in an OpenAFS update
package.   (* There is a tool that Chaskiel Grundman wrote that
does automate a merge and handles most cases.  However, it fails
if the modifications were to remove server entries for example to
rely on AFSDB instead of the CellServDB for a cell. *)

The chaining functionality is exactly what we need for Kerberos
profiles in order to allow for a public repository of realm
configuration data to be stored and distributed while still
allowing local administrators to install their own configuration
file.   Finalize would be important in this case to allow
administrators to override entirely the data in the public krb5.conf
file if it became out of date.

I think that maintaining a public repository of realm configuration
data would be a worthwhile service.  As such I would like to see
the finalize functionality be maintained.

Jeffrey Altman

More information about the krbdev mailing list