Hello,
>> readdir ordering is probably bad. I think that's essentially random on a
>> lot of file systems, and I'm not sure it's even guaranteed to be stable.
>> Is there any chance we could get that fixed in Heimdal before we start to
>> rely on it?
>
> I filed https://github.com/heimdal/heimdal
Hi,
On Tue, Jul 9, 2024 at 3:35 PM Russ Allbery wrote:
>
> Andreas Hasenack writes:
>
> > Heimdal's ktb5.conf manpage (with the patches applied):
>
> >Files and directories may be included by absolute path.
> > Including a directory causes all files in the directory to be included
> > as
Andreas Hasenack writes:
> Heimdal's ktb5.conf manpage (with the patches applied):
>Files and directories may be included by absolute path.
> Including a directory causes all files in the directory to be included
> as if each file had been included sep‐
>arately, but only files w
Hi,
On Tue, Jul 9, 2024 at 2:23 PM Russ Allbery wrote:
>
> Andreas Hasenack writes:
>
> > If I include it via this krb5.conf:
> > [libdefaults]
> > includedir /etc/krb5.conf.d
> > default_realm = LOWTECH
>
> > default realm is LXD.
>
> > If I include it like this:
> > [libdefaults]
> > default_r
Andreas Hasenack writes:
> Presumably yes, but we have to indeed think about it. Normal dpkg conf
> prompts will apply here, unless we do something (smart?) in postinst.
> update: just saw the krb5-config postinst, it indeed tries to handle
> many cases, and this would be another one.
Yeah, krb5
Sam Hartman writes:
>> "Andreas" == Andreas Hasenack writes:
> >> And what dependency should a package that wants to use included
> >> fragments have to ensure that those included fragments are
> >> loaded?
> I don't think you can.
> An administrator might remove the includedir.
Andreas Hasenack writes:
> If I include it via this krb5.conf:
> [libdefaults]
> includedir /etc/krb5.conf.d
> default_realm = LOWTECH
> default realm is LXD.
> If I include it like this:
> [libdefaults]
> default_realm = LOWTECH
> includedir /etc/krb5.conf.d
> Then default realm is LOWTECH.
> And, to reply to another question from before, if I put the includedir
> directive inside a section, for example, inside [libdefaults], that's
> invalid because it expects all entries in sections to be key=pair
> values:
> root@o-heimdal:~# head /etc/krb5.conf -n 4
>
> [libdefaults]
> includedir
At the moment, heimdal's verify_krb5_conf is already not happy with
krb5.conf shipped by bin:krb5-config:
# verify_krb5_conf
verify_krb5_conf: krb5_config_parse_file: open /root/.krb5/config: No
such file or directory
verify_krb5_conf: /libdefaults/ccache_type: unknown entry
verify_krb5_conf: /lib
> "Andreas" == Andreas Hasenack writes:
>> And what dependency should a package that wants to use included
>> fragments have to ensure that those included fragments are
>> loaded?
I don't think you can.
An administrator might remove the includedir.
krb5.conf might be a symlink.
Hi,
On Tue, Jul 9, 2024 at 11:55 AM Russ Allbery wrote:
>
> Andreas Hasenack writes:
>
> > I opened #1074775[1] to backport the heimdal patches that add include
(...)
> The change is not entirely trivial, however. Here are some things that
> come to mind that we probably need a plan for how to
> "Russ" == Russ Allbery writes:
Russ> Andreas Hasenack writes:
>> I opened #1074775[1] to backport the heimdal patches that add
>> include and includedir support, filed a couple of salsa PRs[2][3]
>> with tests, and they were merged. Once there is a new upload of
>> heim
Andreas Hasenack writes:
> I opened #1074775[1] to backport the heimdal patches that add include
> and includedir support, filed a couple of salsa PRs[2][3] with tests,
> and they were merged. Once there is a new upload of heimdal, we can
> consider making this change in kerberos-configs then. Wh
I opened #1074775[1] to backport the heimdal patches that add include
and includedir support, filed a couple of salsa PRs[2][3] with tests,
and they were merged. Once there is a new upload of heimdal, we can
consider making this change in kerberos-configs then. What do you
think?
1. https://bugs.
I'm also starting to feel the need to add this includedir directive to
/etc/krb5.conf by default. sssd is expecting this to work[1], as it places
a config snippet in /etc/krb5.conf.d.
I looked at the heimdal packages (which are in sync between ubuntu and
debian) and the includedir support is not t
Sam Hartman writes:
> In hopes of honoring this request, I just looked at the heimdal sources
> in debian. I cannot find evidence of the includedir or include
> krb5.conf directives there even in 2022.
> Unless I'm missing something I still don't think it makes sense to add
> this to Debian with
In hopes of honoring this request, I just looked at the heimdal sources
in debian. I cannot find evidence of the includedir or include
krb5.conf directives there even in 2022.
Unless I'm missing something I still don't think it makes sense to add
this to Debian without heimdal support.
Hi Sam,
Per our discussion today, unfortunately, it looks like include and
includedir support was merged into Heimdal, but hasn't yet made it into a
release. It's on the master branch, but is not in 7.4.0. But maybe soon?
Once that code is released, it looks like the way to include a directory
control: -1 severity wishlist
> "Timo" == Timo Aaltonen writes:
Timo> Please add /etc/krb5.conf.d directory to the package and an
Timo> include directive in krb5.conf so that other packages can
Timo> provide snippets under the directory.
Package: krb5-config
Version: 2.6
Please add /etc/krb5.conf.d directory to the package and an include
directive in krb5.conf so that other packages can provide snippets under
the directory. For instance next FreeIPA version expects this directory
to exist.
--
t
20 matches
Mail list logo
