Integration of k5start/krenew functionality
Ken Hornstein
kenh at cmf.nrl.navy.mil
Mon Aug 3 10:22:33 EDT 2009
>On Sat, 2009-08-01 at 18:33 -0400, Ken Hornstein wrote:
>> If the goal is to support AFS, then I think you should go whole-hog.
>
>AFS support is not a primary goal. Given that krenew and k5start will
>continue to be maintained externally, I am now wondering if perhaps the
>project scope should be narrowed substantially to limit the amount of UI
>real estate used. So I am thinking of dropping the krenew use case,
>eliminating the aklog-shaped external program hook, and supporting only
>one style of k5start use case--for example, only operation as a process
>wrapper, and not as a background process or check-and-renew utility.
Again, I personally have no problem with this ... I just think you need
to pick one or the other. If MIT prefers to focus on core Kerberos
functionality and just leave AFS support to third-party tools, I think
that's reasonable.
>> It's just easier (I have enough time getting the levels of quoting
>> right when using multiple levels of shell interpretation .... I can't
>> imagine what an unsophisticated user would do).
>
>I don't want to go too deep down the conversational rabbit-hole here,
>but process wrappers like pagsh and k5start generally use exec() rather
>than passing their arguments to a shell, so they don't add multiple
>levels of shell interpretation.
So ... you've USED pagsh, right? It invokes /bin/sh with the exact
arguments you give on the command line. That means you need to build
up a command line using -c ... and I've found complicated quoting there
can get hairy very quickly. Russ's tools were just easier.
--Ken
More information about the krbdev
mailing list