need project review
Henry B. Hotz
hotz at jpl.nasa.gov
Sat Apr 5 15:15:23 EDT 2008
On Apr 5, 2008, at 9:15 AM, krbdev-request at mit.edu wrote:
> Date: Fri, 4 Apr 2008 15:18:57 -0500
> From: Nicolas Williams <Nicolas.Williams at sun.com>
> Subject: Re: need project review
> To: Jeffrey Hutzelman <jhutz at cmu.edu>, Will Fiveash
> <William.Fiveash at sun.com>, MIT Kerberos Dev List <krbdev at mit.edu>
> Message-ID: <20080404201857.GN16998 at Sun.COM>
> Content-Type: text/plain; charset=us-ascii
>
> On Fri, Apr 04, 2008 at 03:00:41PM -0500, Nicolas Williams wrote:
>> IMO we should deprecate stash files altogether. That should make
>> this
>> issue go away -- what's the point of having a stash file if nothing
>> will
>> read it?
>
> I should clarify. I think that the only thing that reads stash files
> should be the tool that migrates them to keytab file entries. That
> could be built-in to krb5kdc and kadmind, or it could be a standalone
> tool. Either way the stash file should be read once, migrated, and
> removed or ignored thereafter.
That's OK, but as was said before it's hard to get approval for a
change if there isn't a tested rollback procedure. A bit if
documented thought about how to do that would be a good thing, even if
it's "restore from a backup". This change seems low risk and likely
to fail quickly if it does fail.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list