pkinit kinit/krb5.conf naming inconsistencies

Nicolas Williams Nicolas.Williams at
Mon Sep 15 10:01:40 EDT 2008

On Sat, Sep 13, 2008 at 07:51:09PM -0400, Kevin Coffman wrote:
> On Thu, Sep 11, 2008 at 1:33 AM, Glenn Barry <Glenn.Barry at> wrote:
> > Is there a good reason for these to be diff?
> Hi Glenn,
> Yes, as I recall, there was.
> We were making an effort to match the options in the config file with
> those used by Heimdal where possible.
> For the "-X" preauth options, Sam did not want them to be
> pkinit-specific since they could possibly be used with other preauth
> methods in the future.

That makes sense, but perhaps the right answer would be to provide
Heimdal-compatible aliases for use in krb5.conf while having the same
canonical parameter names for both, krb5.conf and kinit -x.

It's one thing to be compatible with another implementation's
configuration parameter names.  It's another to make things confusing
for the user.  We can have the former without the latter.  Yes, it's
more code -- how much more depends on whether the parameter value
syntaxes can be compatible even with diff. param. names -- but from a UI
p.o.v. it's quite useful.


More information about the krbdev mailing list