need project review
Will Fiveash
William.Fiveash at sun.com
Mon Apr 7 14:49:44 EDT 2008
On Mon, Apr 07, 2008 at 11:28:00AM -0400, Jeffrey Hutzelman wrote:
> --On Friday, April 04, 2008 03:18:57 PM -0500 Nicolas Williams
> <Nicolas.Williams at sun.com> wrote:
>
>> On Fri, Apr 04, 2008 at 03:00:41PM -0500, Nicolas Williams wrote:
>>> IMO we should deprecate stash files altogether. That should make this
>>> issue go away -- what's the point of having a stash file if nothing will
>>> read it?
>>
>> I should clarify. I think that the only thing that reads stash files
>> should be the tool that migrates them to keytab file entries. That
>> could be built-in to krb5kdc and kadmind, or it could be a standalone
>> tool. Either way the stash file should be read once, migrated, and
>> removed or ignored thereafter.
>
> If you do that, then a tool to convert back becomes essential, instead of
> just useful. It should not ever be the case that merely running a new KDC
> or kadmind results in my stash file or database being automatically
> converted to a format that will not work with the version I was running a
> few minutes ago and might need to revert to.

Again, my design does not do this.

> Personally, I'm very wary of gratuitous automatic conversion. It would be
> fine to convert to the new format when a feature is used that makes it
> necessary, but doing it just because the new code ran is asking for
> trouble.

I share your concern.

--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/