pkinit kinit/krb5.conf naming inconsistencies

Henry B. Hotz hotz at
Thu Sep 18 13:18:52 EDT 2008

*sigh* I should be more careful about editing distribution lists.

I hope no one at MIT was personally offended by what I said about  
openness.  The comment was meant as a generic observation on  
appearances.  It might even be obsolete.

If I might make a related, strategic suggestion:  If you allocated  
some resources to quick review of unsolicited contributions, you would  
get some genuine PR benefit, and more volunteers contributing.  While  
the improvements mightn't align with official priorities, they would  
be guaranteed to align with the priorities of some real users, without  
the overhead of evaluating priorities.

Of course you may conclude that there isn't a corresponding benefit in  
monetary contributions.  I realize that most open source projects are  
ancillary to other funded efforts.

On Sep 17, 2008, at 8:28 AM, krbdev-request at wrote:

> Date: Tue, 16 Sep 2008 22:54:51 -0700
> From: "Henry B. Hotz" <hotz at>
> Subject: Re: pkinit kinit/krb5.conf naming inconsistencies
> To: Nicolas Williams <Nicolas.Williams at>
> Cc: "Hotz, Henry B" <henry.b.hotz-100849 at>,
>        "krbdev at" <krbdev at>
> Message-ID: <12195BB7-30B1-41DC-890A-16FEABAFF348 at>
> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
> On Sep 16, 2008, at 1:54 PM, Nicolas Williams wrote:
>> On Tue, Sep 16, 2008 at 01:45:46PM -0700, Henry B. Hotz wrote:
>>> On Sep 16, 2008, at 9:12 AM, krbdev-request at wrote:
>>>> I'm assuming that Heimdal's kinit doesn't have this -x thing, that
>>>> in
>>>> Heimdal if you want to override the system's krb5.conf you should
>>>> use
>>>> the KRB5_CONFIG environment variable.
>>> I care a lot more about rationalizing the krb5.conf file than the
>>> command line options.  For reference:
>> Meaning what?  That you don't care about the difference in naming in
>> kinit -x?
> Actually I don't see a -x option in 1.6.x either.  From context, I'm
> assuming that you follow it with some krb5.conf item you want to
> override?  If so, that would make my distinction meaningless.
>>> kinit --pk-user=<x509 identity> --x509-anchors=<directory> --pk-use-
>>> enckey ...
>> Is the above how Heimdal does it?  I don't mind that, but I do mind
>> kinit -x <param-name-that-doesn't-relate-to-krb5.conf>.
>> In any case, I suppose that MIT filibusters by silence, thus nothing
>> will change and I'm just wasting my time.
> Who has commit rights?
> I learned to have a lot of respect for Sam.  He seemed to have good
> reasons for what he was doing (and what he rejected).  OTOH I've
> always felt that MIT isn't as receptive as a normal open source
> project needs to be to keep volunteers interested.
>> Nico
>> --

The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the krbdev mailing list