[OpenAFS-devel] configuration files for servers

[Matt W. Benjamin]

A second implementation of what?  The code Marcus mentions also already exists, and is in k5ssl.  (Part of rxk5.)

Matt

----- Original Message -----
From: "Jeffrey Altman" <jaltman@secure-endpoints.com>
To: openafs-devel@openafs.org
Sent: Thursday, June 11, 2009 1:15:04 AM GMT -05:00 US/Canada Eastern
Subject: Re: [OpenAFS-devel] configuration files for servers

Marcus Watts wrote:
> Simon Wilkinson just asked for "configuration files for servers"
> at the best practices workshop.
> 
> I also talked briefly with Simon about this the night before last.
> 
> As it happens, the k5ssl code can parse krb5.conf files today.
> This may not be exactly the file format that people would like,
> but it may be "close enough".
> 
> in any of the rxk5 branches, look at
> 	src/k5ssl/k5s_cf.c
> 
> there isn't anything that writes these files back out.
> I'm not convinced this is a good idea, but if people
> really want that - it is possible.  I think I
> have a test program that does this, but I don't seem
> to have bothered to save it with k5ssl.  It is
> trivial to walk the in-core configuration file contents,
> and to write it out in whatever format. 
> 	src/k5ssl/t_cf.c
> 		is sample code to do just that.
> 
> 				-Marcus

The Heimdal implementation is BSD licensed and can be utilized by
OpenAFS.  I would rather not have a third implementation that needs
to be supported.  There are too many undocumented *features* in the
krb5 profile format.

However, given the discussion that has taken place recently on
this list I believe that the krb5 profile format is the one we
should go forward with.

Jeffrey Altman





_______________________________________________
OpenAFS-devel mailing list
OpenAFS-devel@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-devel