Project Review: kinit -C
Will Fiveash
will.fiveash at oracle.com
Tue Sep 14 20:13:29 EDT 2010
On Tue, Sep 14, 2010 at 05:03:02PM -0400, Sam Hartman wrote:
> >>>>> "Simo" == Simo Sorce <ssorce at redhat.com> writes:
>
> Simo> On Tue, 14 Sep 2010 14:54:35 -0400
> Simo> Sam Hartman <hartmans at MIT.EDU> wrote:
>
> > >>>>> "Tom" == Tom Yu <tlyu at MIT.EDU> writes:
> >>
> Tom> Sam Hartman <hartmans at MIT.EDU> writes:
> >> >> As a result, kinit will link against libkdb5 and libkadm5srv.
> >>
> Tom> I would prefer that this be a build-time option, so that
> Tom> software packagers have more flexibility about whether the
> Tom> kinit binary needs to have the KDC libraries installed.
> Tom> Alternatively, build two versions, kinit and kinit.local, only
> Tom> the latter of which depends on the KDC libraries.
> >>
> >> I'd like to push back on this and ask for someone to step forward
> >> and say that's a problem for their packaging first before we make
> >> the change.
>
> Simo> Unless you want to force people to install libkdb5 and
> Simo> libkadm5srv on every client it looks like it is going to be an
> Simo> issue. That is, unless you explicitly dlopen() these libraries
> Simo> therefore not making them a strong dependency and breaking
> Simo> only the impersonation functionality if they are not
> Simo> available.
>
> Right. I was going to recommend installing libkdb5 and libkadm5srv
> everywhere. Personally, I don't see a problem with that with my Debian
> hat on, but if other packagers do, then we can look at approaches.
This would cause packaging changes for Solaris. Given this must run on
the KDC, maybe it should be a separate utility, or a modification to
kadmin.local?
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/
More information about the krbdev
mailing list