Profile include support
Nicolas Williams
Nicolas.Williams at oracle.com
Mon Aug 23 14:51:31 EDT 2010
On Mon, Aug 23, 2010 at 11:03:58AM -0400, ghudson at MIT.EDU wrote:
> * The syntax "include PATTERN" is simple and clear, but may not be
> optimal. It could break existing profile files which contain an
> "initial comment" (any text before the first line beginning with
> '[') with a line which happens to begin with "include". Also, adding
> an include directive anywhere other than the beginning of a
> krb5.conf file would cause earlier versions of krb5 to generate a
> syntax error. Other syntax options include:
> - Masquerade as a comment: #include PATTERN
> - Masquerade as a section: [include PATTERN]
> - Distinctive punctuation: @include PATTERN
Or:
include = PATTERN
in [libdefaults], with multiple instances allowed.
I prefer this because it seems friendliest to existing parsers. OTOH,
it doesn't appear to be anything like a directive.
> * Nothing in the design prevents include directives containing
> relative paths or patterns. Such an include directive would have
> unpredictable effects since the current working directory would be
> different for different invocations of the krb5 library. Should the
> profile library protect the administrator by restricting include
> directives to absolute paths? If so, how should it portably
> recognize an absolute path?
Paths should definitely be absolute, or relative to /, not to the
current directory of the running process.
> * Should an include directive ever result in a fatal error? Possible
> error cases include:
All should be optional or all should be required. If you want some
optional and some required then please have two directives ('include'
and 'require').
Nico
--
More information about the krbdev
mailing list