[kerberos-discuss] non-interactive destroy for kdb5_util [PSARC/2009/038 FastTrack timeout 01/28/2009]
Mark Phalan
Mark.Phalan at sun.com
Wed Jan 21 04:10:27 PST 2009
On Wed, 2009-01-21 at 10:36 +0000, Darren J Moffat wrote:
> Wyllys Ingersoll wrote:
> > Template Version: @(#)sac_nextcase %I% %G% SMI
> > This information is Copyright 2009 Sun Microsystems
> > 1. Introduction
> > 1.1. Project/Component Working Name:
> > non-interactive destroy for kdb5_util
> > 1.2. Name of Document Author/Supplier:
> > Author: Mark Phalan
> > 1.3 Date of This Document:
> > 20 January, 2009
> > 4. Technical Description
> >
> > Project: Non-interactive destroy for kdb5_util
> > Submitter: Mark Phalan
> > Binding: Patch
> >
> > ABSTRACT
> > --------
> >
> > This proposal adds support for an option to kdb5_util(1M) which allows a
> > Kerberos policy and principal database to be destroyed without an
> > interactive prompt for confirmation and adds a new global option to
> > specify a stash file. This is useful when scripting kdb5_util(1M). After
> > the changes outlined below are made kdb5_util will have better
> > command-line compatibility with MIT Kerberos' kdb5_util.
> >
> >
> > BACKGROUND
> > ----------
> >
> > MIT's kdb5_util uses the "-f" option for the "destroy" sub-command to
> > indicate that the Kerberos policy and principal database should be
> > destroyed without user interaction. It uses the "-sf" option as a global
> > option to specify a stash file. Solaris's kdb5_util has no way to
> > specify that the database should be destroyed non-interactively and uses
> > the "-f" option as a global option to specify a stash-file (-sf is also
> > implemented but not documented).
> > Both the functionality provided by the option to non-interactively
> > destroy a Kerberos database and the compatibility with MIT Kerberos are
> > important for Solaris Kerberos.
> >
> >
> > PROPOSAL
> > --------
> >
> > - New global CLI argument to indicate stash file - "-sf".
> > - Change current meaning of "-f" to indicate non-interactive
> > destroy.
> >
> >
> > Patch binding is requested to allow these options to be backported to
> > S10. However there are no current plans to do so at this time.
>
> You have an interface change that I don't believe is backwards
> compatible yet you are requesting patch binding. Please justify why
> this change in meaning for 'destroy -f' will be acceptable and won't
> cause problems.
Let me discuss this with the rest of the i-team. We may drop the patch
binding request.
>
> > SYNOPSIS
> > - /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name]
> > + /usr/sbin/kdb5_util [-d dbname] [-sf stashfile_name]
> > [-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm]
> > [-x db_args]... cmd
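Review bot: the removed `[-f stashfile_name]` line has no counterpart showing where `-f` is accepted after this change. The proposal gives `-f` a new meaning on the `destroy` sub-command, so the synopsis should also show `destroy [-f]`, and the text should state how an existing script that still passes `-f stashfile_name` as a global option is handled. That matters here because the new `-f` skips the confirmation prompt before the database is destroyed.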
>
> I very very very strongly disagree with this synopsis change.
>
> The use of a two letter option name is not acceptable and is against the
> CLIP guidelines.
>
Unfortunately kdb5_util has supported two letter (and greater) options
for a long time. For e.g.
kdb5_util dump -old
kdb5_util dump -ov
...
> However if this is what MIT Kerberos uses and kdb5_util is otherwise
> compatible CLI syntax with the MIT version then I grudgingly hold my
> nose and let this go.
This is what MIT uses and compatibility is certainly a goal.
> However please communicate to the upstream
> community that a single dash with multiple option letters after it is
> undesirable as it is confusing to many users, eg is '-sf' one option or
> is it equivalent to '-s -f'.
I agree it is confusing and will try to work with the upstream community
to ensure that these sorts of interfaces don't appear in the future.
Thanks,
-M