Not building kcpytkt/kdeltkt
Sam Hartman
hartmans at debian.org
Thu Aug 5 11:59:02 EDT 2021
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
>>> But the fact that krb5_cc_remove_cred() is used by Samba
>>> suggests to me that kdeltkt might be useful on other platforms,
>>> especially if you're using a Windows DC?
>>
>> I don't think that follows. krb5's API covers a much wider range
>> of functionality than the CLI does. There needs to be a stronger
>> case than "might be useful" to ship something.
Ken> I guess I was thinking of what I would call the next logical
Ken> steps:
Ken> - Samba has found it useful to be able to delete a specific
Ken> service ticket from a credential cache when communicating with
Ken> a Windows DC, to the point where the functionality was added to
Ken> a number of credential caches.
Ken> - People who are using MIT Kerberos directly with a Windows DC
Ken> also might find it useful to delete a specific service ticket
Ken> from a credential cache, for the same reasons that Samba finds
Ken> it useful.
Ken> If my logic is wrong or not compelling enough, fair enough.
I think the logic is fine. But I'd like to see a couple more people
specifically desire the feature.
For your testing, kdeltkt is simple enough I think it's reasonable for
you to build it separately or to shim the API somehow in some other way.
But if a few more people want it, then it makes sense to me at least to
ship something.
More information about the krbdev
mailing list