[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Debian Shishi integration: krb5-config
|
From: |
Simon Josefsson |
|
Subject: |
Debian Shishi integration: krb5-config |
|
Date: |
Wed, 31 May 2006 12:30:31 +0200 |
|
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux) |
I've been thinking about integrating Shishi with the rest of Debian
kerberos stuff. One thing is configuration, and I've looked at the
krb5-config package. It seems like the shishi-common package could
depend on it, to ask questions about the default realm and
KDC/admin-server, and then populate /etc/shishi.conf with the values.
The only debconf question in krb5-config that isn't perfectly
applicable is the admin server: there is no admin server daemon for
Shishi. That is a minor issue, and if I get around to implementing
the set/change-password protocol, it will be applicable.
The alternative would be to implement support for reading
/etc/krb5.conf in Shishi, and I've been planning to do this, see
snippet from shishi.conf:
# Read MIT or Heimdal configuration file for the following parameters:
# default-realm
# realm-kdc
# server-realm
# kdc-timeout
# kdc-retries
# You can override these values by specifying alternate values below.
# Not implemented yet.
#read-krb5conf=/etc/krb5.conf
However, it is not implemented yet. One reason is that this seems
unclean, and I'm worried the /etc/krb5.conf format will change. The
format isn't really under my control. The feature will have to be
documented in the Shishi manual, and ideally the krb5.conf format
should be discussed too.
The advantage with the krb5-config approach is that it makes Shishi
cleaner. The advantage with the read-krb5conf approach is that it
solves the problem generically, and will not be Debian-specific.
Any thoughts on this?
I'm leaning towards read-krb5conf now, but I'll decide later.
/Simon
- Debian Shishi integration: krb5-config,
Simon Josefsson <=