[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian Shishi integration: krb5-config

From: Elrond
Subject: Re: Debian Shishi integration: krb5-config
Date: Wed, 31 May 2006 14:21:56 +0200
User-agent: Mutt/1.5.9i

On Wed, May 31, 2006 at 12:30:31PM +0200, Simon Josefsson wrote:
> I've been thinking about integrating Shishi with the rest of Debian
> kerberos stuff.  One thing is configuration, and I've looked at the
> krb5-config package.  It seems like the shishi-common package could
> depend on it, to ask questions about the default realm and
> KDC/admin-server, and then populate /etc/shishi.conf with the values.

I don't know exactly, if and how debconf supports "other
package asks questions, this package uses answeers"

> The only debconf question in krb5-config that isn't perfectly
> applicable is the admin server: there is no admin server daemon for
> Shishi.  That is a minor issue, and if I get around to implementing
> the set/change-password protocol, it will be applicable.


> The alternative would be to implement support for reading
> /etc/krb5.conf in Shishi, and I've been planning to do this, see
> snippet from shishi.conf:
> However, it is not implemented yet.  One reason is that this seems
> unclean, and I'm worried the /etc/krb5.conf format will change.  The
> format isn't really under my control.

I think, that the format is quite stable. mit and heimdal
use it. So both need to cooperate on the issue.

Not to mention, that shishi will only extract mostly basic
stuff, so the chances of their format changing isn't too
high in my eyes.

> The feature will have to be
> documented in the Shishi manual, and ideally the krb5.conf format
> should be discussed too.

Yeah, only the basic features of it. :)

> The advantage with the krb5-config approach is that it makes Shishi
> cleaner.  The advantage with the read-krb5conf approach is that it
> solves the problem generically, and will not be Debian-specific.
> Any thoughts on this?

The main question is, where you see your target.
If you see debian as your primary target, both options
would equally well fit the picture.

If you see other targets, read-krb5config would probably
fit better.

And since Recommending krb5-config would generate a
/etc/krb5.conf for you, this would integrate well into
debian too.

> I'm leaning towards read-krb5conf now, but I'll decide later.

As I configure shishi by hand, I've not got any big
preferences, but if I have to say something, I'd vote for

The first stage could be to only read the default realm
from krb5.conf and suggesting krb5-config.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]