1 config files in 39 etc 39 need updating

What's wrong we "make" or similar to build krb5by inlining all the required fragments. This functionality has no impact on performance if you don't use it; most sites don't have thousands of connections per second.

If latency is a big problem, then there are quite a few things that could be done in the current implementation to avoid re-reading files.

Though perhaps that code could only optimize the case in which no include directives are used.

As you say, I am free to not use include files or include directories.

Therefore this addition of the functionality is required.

That being said I would prefer that distributions not use it and instead specify a KRB5_CONFIG environment variable that lists a system config location and a user config location if that is what they wish to support.

statting has already been suggested, but another would be the use of inotify on platforms that support it.

Running make is easy for package scripts, but also means extra operations for the system administrator after each config change they make. includes and includedirs are by no means an unusual feature for configuration files.

The alternatives, such as a distinct process doing the parsing and in-lining, this only opens race conditions and room for error, as it too must be taught the configuration syntax (Heimdal already can read multiple config files without difficultly).

This can result in significant overhead where it doesn't exist.

I agree that Heimdal must be able to parse MIT compatible configuration files.

We’ll occasionally send you account related emails. Sign in to your account For distributions, it is convenient to be able to just drop files in /etc/krb5d/. For distributions, it is convenient to be able to just drop files in /etc/krb5d/. Why would a distribution believe that some fragment of the krb5file is not in conflict with the system administrator's /etc/krb5.conf?

MIT has support for an 'includedir' directive in krb5 MIT has support for an 'includedir' directive in krb5 Also constant re-reading of krb5is already costly enough, I am skeptical that this is in fact a good idea.

Leave a Reply