pkinit kinit/krb5.conf naming inconsistencies
Nicolas Williams
Nicolas.Williams at sun.com
Mon Sep 15 16:28:05 EDT 2008
On Mon, Sep 15, 2008 at 03:54:06PM -0400, Jeffrey Hutzelman wrote:
> >That makes sense, but perhaps the right answer would be to provide
> >Heimdal-compatible aliases for use in krb5.conf while having the same
> >canonical parameter names for both, krb5.conf and kinit -x.
>
> Ugh ugh ugh.
> If you have two parameters that do the same thing, and both are given,
> which one is used? Isn't it bad for the answer to be "it depends on which
> implementation you happen to be using", on a system where both exist?
I really don't care for Heimdal-compatible configuration parameters.
But I don't mind them.
What I object to is an inconsistent UI (when you consider sysadmins and
users both). And I agree with your observation, aliases would be bad.
So pick one: x509_* or pkinit_*.
Alternatively: have aliases only for kinit -x param names.
I'm assuming that Heimdal's kinit doesn't have this -x thing, that in
Heimdal if you want to override the system's krb5.conf you should use
the KRB5_CONFIG environment variable.
More information about the krbdev
mailing list