Fedora ticket cache location

Henry B. Hotz hotz at jpl.nasa.gov
Tue Jun 12 16:34:33 EDT 2012


I disagree with using symlinks to bypass /etc/nsswitch.  The whole point of storing user information in e.g. LDAP is so you can centrally manage things like username->UID mapping.  If the central repository for that information changes then you need to update *all* instances of how the local machine uses it.

If there's a performance problem, then we either need to live with it, or find a more efficient abstraction.  The decision of whether to use central or local configuration, and whether to incur the performance penalties, is up to the organization doing the deployment.

On Jun 11, 2012, at 1:40 PM, <krbdev-request at mit.edu> <krbdev-request at mit.edu> wrote:

> Date: Mon, 11 Jun 2012 14:50:44 -0500
> From: Nico Williams <nico at cryptonector.com>
> Subject: Re: Fedora ticket cache location
> To: Sam Hartman <hartmans at mit.edu>
> Cc: Russ Allbery <rra at stanford.edu>, krbdev at mit.edu
> Message-ID:
> 	<CAK3OfOjJakdb-YJnPG1SWo1ztmjxm0d-3Up-DxYbgyMVAk3_Rw at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> On Mon, Jun 11, 2012 at 9:27 AM, Sam Hartman <hartmans at mit.edu> wrote:
>> Having a symlink to uid is interesting, although keep in mind that the
>> mapping from username to uid is not a bijection: multiple users with
>> different names can have the same uid. Obviously that's a special case,
>> but I've certainly seen it done from time to time.
> 
> With symlinks we can easily take care of username aliasing.
> 
> I like the idea that we can use geteuid() alone to find the ccaches
> and keytabs, rather than having to call getpwuid() (which could be
> slow).
> 
> Nico

------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
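
The drift this message warns about, as an added example that is not part of the thread or of MIT Kerberos: an audit that compares username -> UID symlinks against what the name service currently answers, and also reports UIDs shared by several names. The directory layout (username symlinks pointing at UID-named directories), the function names and the sample accounts are assumptions constructed for illustration.

```python
import os
import pwd
import tempfile

def nss_uid(name):
    """Ask the configured name service (nsswitch) for the current UID."""
    try:
        return pwd.getpwnam(name).pw_uid
    except KeyError:
        return None  # name no longer known centrally

def audit_symlink_map(link_dir, lookup=nss_uid):
    """Check username -> uid symlinks in link_dir against `lookup`.

    Returns (stale, aliases). stale lists (name, linked_uid, current_uid)
    for links that disagree with the name service; aliases maps a uid to
    the names linked to it when more than one name shares that uid.
    """
    stale, by_uid = [], {}
    for name in sorted(os.listdir(link_dir)):
        path = os.path.join(link_dir, name)
        if not os.path.islink(path):
            continue  # uid-named directories themselves, not name links
        target = os.path.basename(os.readlink(path))
        if not target.isdigit():
            stale.append((name, target, lookup(name)))
            continue
        linked = int(target)
        by_uid.setdefault(linked, []).append(name)
        current = lookup(name)
        if current != linked:
            stale.append((name, linked, current))
    aliases = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    return stale, aliases

def demo():
    # Constructed sample: links created from an older directory snapshot.
    with tempfile.TemporaryDirectory() as d:
        for uid in (1001, 1002):
            os.mkdir(os.path.join(d, str(uid)))
        links = (("alice", 1001), ("ali", 1001), ("bob", 1002), ("carol", 1003))
        for name, uid in links:
            os.symlink(str(uid), os.path.join(d, name))
        # Constructed central answers after bob was renumbered, carol removed.
        central = {"alice": 1001, "ali": 1001, "bob": 2002}
        return audit_symlink_map(d, central.get)

if __name__ == "__main__":
    print(demo())
```

With the default `lookup`, the same audit runs against whatever sources /etc/nsswitch.conf configures on the host.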



