(Final?) krb5.Conf Lexer/Parser Proposal

Jeffrey Altman jaltman at MIT.EDU
Mon Jan 9 09:17:54 EST 2006

Theodore Ts'o wrote:
> Yes, but you still don't and can't know how to effect certain changes,
> because you still don't know from which file various relations or
> sections might come from.  For example, if you want to delete a kdc,
> and it is in the first profile file, then it's easy --- you just
> delete the relation.  But if it isn't, you have to replicate the realm
> information, slap the finalizer on it, and then remove the first KDC
> --- but there's no way to know that using the current API.

This is not a failure of the API.   This is a failure of the state
information stored in memory.   The profile library can store with
every relation the source of the data in that relation.   There is
absolutely no reason that the application should be aware of where
composite data comes from.

> If you're the system administrator, you would also expect you could
> make changes to the local machine hive, yes?  And yet the current
> profile API would have no way of doing that.....

System administrators are clueful enough to be able to configure the
profile to refer *only* to the "system" profile and not the "user"
profile or to be able to edit the file by hand.

Jeffrey Altman

More information about the krbdev mailing list