Sign up for a free Git Hub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for Git Hub”, you agree to our terms of service and privacy statement.
It makes it possible for different packages related to Kerberos (Heimdal, MIT, pam-krb5) to install their own krb5fragments rather than having all those settings shipped with the default krb5
It also makes it possible for administrators to just ship a /etc/krb5.conf/myrealm file with configuration rather than having to programmatically update the existing krb5
If so, that's problematic because the default RHEL7/Cent OS7 krb5has this line present. We could make the config system (which is roughly like the profile API in MIT) detect config changes and re-read them (MIT's profile API does this), but we copy config items to s seems pointless, so automatically re-reading configs is a heavy-duty project.
My first stab at a high-level design is to add new versions of the config API that "register" where the values land in related external object(s) and which will update those automatically as long as the related external object(s) remain alive.
If others want this feature, and nobody else is opposed, go ahead...
I will point out that Kerberos configuration profiles on Heimdal and MIT already support multiple files.All that is required is to list all of them in the KRB5_CONFIG environment variable.As Roland has already pointed out, the biggest challenge with include and includedir is that it is not possible to determine by querying the status information for one file whether the configuration has changed if that file contains include and includedir.This can result in significant overhead where it doesn't exist.I agree that Heimdal must be able to parse MIT compatible configuration files..//verify_krb5_conf verify_krb5_conf: krb5_config_parse_file: open /home/build/.krb5/config: No such file or directory verify_krb5_conf: krb5_config_parse_file: /etc/krb5.conf:2: binding before section On Fri, 2017-02-10 at -0800, Quanah Gibson-Mount wrote: I note some improvement in current Heimdal vs Heimdal 1.6.