[1950] in Kerberos_V5_Development


Re: Configuration directories

daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Nov 12 23:53:06 1996

Date: Tue, 12 Nov 1996 23:51:54 -0500
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: Sam Hartman <hartmans@MIT.EDU>, Greg Hudson <ghudson@MIT.EDU>,
        source-developers@MIT.EDU, krbdev@MIT.EDU
In-Reply-To: <9611122156.AA07314@dcl.MIT.EDU>
From: "Richard Basch" <basch@lehman.com>

On Tue, 12-November-1996, "Theodore Y. Ts'o" wrote to "Sam Hartman, Greg Hudson, source-developers@MIT.EDU, krbdev@MIT.EDU" saying:

>    From: Sam Hartman <hartmans@MIT.EDU>
>    Date: 11 Nov 1996 13:20:13 -0500
> 
>    >>>>> "Greg" == Greg Hudson <ghudson@MIT.EDU> writes:
> 
>        Greg> 	4. Look for configuration files in /etc and in
>        Greg> @sysconfdir@; if both are present, merge them together with
>        Greg> the file in /etc taking precedence.  This is what Kerberos 5
>        Greg> release 1.0 will do.
> 
> 	   I told you this is the case, but after glancing at the code,
>    I'm no longer sure.  It may only read the file in @sysconfdir@ if the
>    file in /etc is present.  I'll open a doc bug once I figure out what
>    is happening.  (I realize this is somewhat of a tangent.)
> 
> This is what will eventually happen (with the precedence order probably
> being ~/.krb5rc:/etc:@sysconfdir@).  
> 
> The other problem with (2) always use @sysconfdir@, is that if you have
> multiple programs compiled with different @sysconfdir@'s, the result can
> be highly confusing.  An example of this was that with the original
> krb.conf --- some programs looked for this file in /etc/krb.conf.
> Others looked in /etc/athena/krb.conf, and still others looked in
> /usr/local/etc/krb.conf or /usr/cygnus/etc/krb.conf.  The result was a
> complete and total mess.
> 
> This is why for krb5, I very much discourage the use of @sysconfdir@,
> and hope that everyone will just always install krb5.conf in
> /etc/krb5.conf.  Being able to have user-specific overrides in ~/.krb5rc
> solves a different problem, but that's why eventually I'll try to handle
> the merge case.

With K4, it was inevitable that such digressions would occur; the
configuration files were not flexible... One or two configuration files
are generally acceptable in /etc if they are of a standard format and
are extensible to include various vendor versions.  With K4, there was
talk of revamping krb.conf and krb.realms to make it more extensible, so
everyone thought that they better package it in a private directory.  It
is also common to include configuration files with software binaries
under a common tree, which also added to the widespread digression.

In this case, because we have finally revisited krb5.conf semantics, I
agree there should be one common location: /etc/krb5.conf.  Vendors who
have their own extensions are free to add stanzas to this file, and it
won't affect other implementations.  If it were not for this
flexibility, we probably would have repeated history...

I would also like to say that it is important for a site to be able to
specify an alternate location in which to also look (as a backup).
There may be some sites that are automounting the entire Kerberos
package, and while it would be nice to always look in /etc, the file or
link may not exist there.  Perhaps this should be "off" by default, but
I do know that many sites often have some form of common filesystem but
not necessarily a good enterprise software distribution system (Lehman
included).  For these sites, it is extremely useful having a search
path, such as:

	~/krb5.conf:/etc/krb5.conf:<automount>/krb5.conf

-- 
Richard Basch                   
Sr. Developer/Analyst, DSO      URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc.           Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 38th Floor      Fax:   +1-201-524-5828
Jersey City, NJ 07302-3988      Voice: +1-201-524-5049
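
The search path proposed above, combined with the merge-with-precedence behaviour discussed in the quoted text, as an added example that is not part of the original message and is not Kerberos 5 code. It assumes a simplified flat `[section]` / `key = value` format; the function names are hypothetical and the sample files and realm names are constructed. Each setting is returned with the file that supplied it, which is what makes a multi-location lookup auditable.

```python
import os
import tempfile


def parse_stanzas(text):
    """Parse '[section]' headers and 'key = value' lines (flat relations only)."""
    section, out = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            out[(section, key)] = value
    return out


def load_merged(search_path, home):
    """Merge files on a colon-separated path; earlier entries take precedence.
    Returns {(section, key): (value, source_file)}; missing files are skipped."""
    merged = {}
    for entry in search_path.split(":"):
        path = os.path.join(home, entry[2:]) if entry.startswith("~/") else entry
        try:
            with open(path, encoding="utf-8") as fh:
                stanzas = parse_stanzas(fh.read())
        except FileNotFoundError:
            continue  # e.g. no file or link in /etc on an automount-only host
        for name, value in stanzas.items():
            merged.setdefault(name, (value, path))  # keep higher-precedence value
    return merged


def demo():
    """Build constructed sample files in a temp dir and merge them."""
    with tempfile.TemporaryDirectory() as root:
        home, auto = os.path.join(root, "home"), os.path.join(root, "automount")
        os.makedirs(home)
        os.makedirs(auto)
        with open(os.path.join(home, "krb5.conf"), "w") as fh:
            fh.write("[libdefaults]\ndefault_realm = USER.EXAMPLE\n")
        with open(os.path.join(auto, "krb5.conf"), "w") as fh:
            fh.write("[libdefaults]\ndefault_realm = SITE.EXAMPLE\nticket_lifetime = 10h\n")
        path = "~/krb5.conf:%s/etc/krb5.conf:%s/krb5.conf" % (root, auto)  # /etc copy absent
        result = load_merged(path, home)
        return {k: (v, os.path.relpath(s, root).replace(os.sep, "/")) for k, (v, s) in result.items()}
```

In the constructed run the user file overrides `default_realm`, while `ticket_lifetime` falls through to the automounted copy because no file exists at the `/etc` position.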

