Integration of k5start/krenew functionality

Ken Hornstein kenh at
Mon Aug 3 10:22:33 EDT 2009

>On Sat, 2009-08-01 at 18:33 -0400, Ken Hornstein wrote:
>> If the goal is to support AFS, then I think you should go whole-hog.
>AFS support is not a primary goal.  Given that krenew and k5start will
>continue to be maintained externally, I am now wondering if perhaps the
>project scope should be narrowed substantially to limit the amount of UI
>real estate used.  So I am thinking of dropping the krenew use case,
>eliminating the aklog-shaped external program hook, and supporting only
>one style of k5start use case--for example, only operation as a process
>wrapper, and not as a background process or check-and-renew utility.

Again, I personally have no problem with this ... I just think you need
to pick one or the other.  If MIT prefers to focus on core Kerberos
functionality and just leave AFS support to third-party tools, I think
that's reasonable.

>> It's just easier (I have enough time getting the levels of quoting
>> right when using multiple levels of shell interpretation .... I can't
>> imagine what an unsophisticated user would do).
>I don't want to go too deep down the conversational rabbit-hole here,
>but process wrappers like pagsh and k5start generally use exec() rather
>than passing their arguments to a shell, so they don't add multiple
>levels of shell interpretation.

So ... you've USED pagsh, right?  It invokes /bin/sh with the exact
arguments you give on the command line.  That means you need to build
up a command line using -c ... and I've found complicated quoting there
can get hairy very quickly.  Russ's tools were just easier.


More information about the krbdev mailing list