[Freeipa-users] Generation of /etc/krb5.conf file
Alexander Bokovoy
abokovoy at redhat.com
Mon Dec 7 15:54:13 UTC 2015
On Mon, 07 Dec 2015, Marc Boorshtein wrote:
>>
>> Looking into krb5/src/util/profile/prof_get.c, the code that supports
>> 'yes'/'no' (y,yes,1,true,t,on and n,no,nil,off,false) was added in 2000
>> with the commit 97971c69b9389be08b7e9ffb742ca35f3706b3af (it was CVS at
>> the time but the commit is traceable via git after import from SVN).
>>
>> So I would say this is documentation issue on MIT krb5 side rather than
>> exception. Given that the code is supported for 15 years already,
>> perhaps making JDK aware of it is a better idea?
>>
>
>While yes its clearly a documentation issue I'd say its probably worth
>changing on the IPA side as it doesn't affect how IPA functions and
>makes it easier for integrating applications that are built to those
>docs. I know I spent a couple of hours trying to figure out why I
>wasn't generating forwardable TGTs on a box that is part of the domain
>from an ipa client install vs a manually configured krb5.conf file.
Yes, given that the rest of the code adds true/false, at least in
ipa-client-install and ipa-replica-conncheck where we handle krb5.conf
updates.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list