[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Turning off hostname canonicalisation

To: krbdev@MIT.EDU, heimdal-discuss@sics.se
Subject: Re: Turning off hostname canonicalisation
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Date: Tue, 13 Sep 2005 13:58:19 -0400
In-Reply-To: <4B3E584B-62D5-4851-996F-A00194B9DF5D@mit.edu>
Sender: owner-heimdal-discuss@sics.se

>So I'd like to understand why folks are using [appdefaults].  Sun's  
>need is fairly straightforward: "we had it before and can't de- 
>support it".  But how are sites actually using this feature?

Fair enough.

Some background: we have a large number of users that are off-site (by
off-site, I mean that they use machines that aren't under our
administrative control); we package up Kerberos binaries and supply
them so they get access to our site (actually, a large bunch of DoD
sites, but that's not important).  I guess the real important part of
this is that we have a relatively large user population that uses
machines we don't control.  If we had administrative control of these
machines, maybe we'd do things differently.

The problem we ran into was that the users generally were not root on
these systems, and we wanted to provide them kits that didn't require
root access to install.  Any hard-coded path for application config
files we would give users would be wrong, and users didn't want to
copy a bunch of dotfiles to their home directory (in the interests of
simplicity, the Unix kit is just a tar file).  The users knew that they
had to deal with a config file already for the Kerberos library settings,
and they knew how to do that (with KRB5_CONFIG); the best solution I could
see was to simply glom onto this functionality.  I could have added
configuration file support to telnet/rlogin/rsh/ftp, but quite frankly
that would have been a lot of code for what I could only see would be
zero gain.  Now, you may point out that telnet and ftp have specific
configuration files.  I could have adapted those, but we would have had
the problem of delivering those config files to the right location,
and one config file is a lot easier to manage than 4 or 5.

Now of course on platforms like Windows and MacOS, you generally give
an installer and the OS already has an infrastructure in place to
handle application defaults.  We don't make use of the [appdefaults]
values on those platforms (except in the case of MacOS X programs which
are really ports of the Unix variants).

>* What tags to you use in the [appdefaults] section?  What values are  
>you setting them to?

Prev by Date: Re: Turning off hostname canonicalisation
Next by Date: No Subject
Prev by thread: Re: Turning off hostname canonicalisation
Next by thread: Re: Turning off hostname canonicalisation
Index(es):
- Date
- Thread