Project Review: kinit -C
Sam Hartman
hartmans at MIT.EDU
Tue Sep 14 17:03:02 EDT 2010
>>>>> "Simo" == Simo Sorce <ssorce at redhat.com> writes:
Simo> On Tue, 14 Sep 2010 14:54:35 -0400
Simo> Sam Hartman <hartmans at MIT.EDU> wrote:
> >>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
>>
Tom> Sam Hartman <hartmans at MIT.EDU> writes:
>> >> As a result, kinit will link against libkdb5 and libkadm5srv.
>>
Tom> I would prefer that this be a build-time option, so that
Tom> software packagers have more flexibility about whether the
Tom> kinit binary needs to have the KDC libraries installed.
Tom> Alternatively, build two versions, kinit and kinit.local, only
Tom> the latter of which depends on the KDC libraries.
>>
>> I'd like to push back on this and ask for someone to step forward
>> and say that's a problem for their packaging first before we make
>> the change.
Simo> Unless you want to force people to install libkdb5 and
Simo> libkadm5srv on every client it looks like it is going to be an
Simo> issue. That is, unless you explicitly dlopen() these libraries
Simo> therefore not making them a strong dependency and breaking
Simo> only the impersonation functionality if they are not
Simo> available.
Right. I was going to recommend installing libkdb5 and libkadm5srv
everywhere. Personally, I don't see a problem with that with my Debian
hat on, but if other packagers do, then we can look at approaches.
More information about the krbdev
mailing list