Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 23 Dec 2012 08:52:30 -0500 (EST)
From:      Rick Macklem <rmacklem@uoguelph.ca>
To:        Benjamin Kaduk <bjkfbsd@gmail.com>
Cc:        svn-src-head@freebsd.org, Rick Macklem <rmacklem@freebsd.org>, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject:   Re: svn commit: r244605 - head/usr.sbin/gssd
Message-ID:  <1683112038.1560744.1356270750582.JavaMail.root@erie.cs.uoguelph.ca>
In-Reply-To: <CAJ5_RoBGO5e67HYUvOxiB64i1By0sJV=9kTaOb=118jNxfCT=Q@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Benjamin Kaduk wrote:
> Hi Rick,
> 
> 
> Thanks for all this -- it's good stuff to have.
> 
> 
> On Sat, Dec 22, 2012 at 6:34 PM, Rick Macklem < rmacklem@freebsd.org >
> wrote:
> 
> 
> Author: rmacklem
> Date: Sat Dec 22 23:34:28 2012
> New Revision: 244605
> URL: http://svnweb.freebsd.org/changeset/base/244605
> 
> Log:
> Document the new gssd daemon options added by r244604.
> This is a content change.
> 
> MFC after: 2 weeks
> 
> Modified:
> head/usr.sbin/gssd/gssd.8
> 
> Modified: head/usr.sbin/gssd/gssd.8
> ==============================================================================
> --- head/usr.sbin/gssd/gssd.8 Sat Dec 22 23:21:17 2012 (r244604)
> +++ head/usr.sbin/gssd/gssd.8 Sat Dec 22 23:34:28 2012 (r244605)
> @@ -46,6 +49,29 @@ Run in debug mode.
> In this mode,
> .Nm
> will not fork when it starts.
> +.It Fl s Ar dir-list
> +Look for an appropriate credential cache file in this list of
> directories.
> +The list should be full pathnames from root, separated by ':'
> characters.
> +Usually this list will simply be "/tmp".
> +Without this option, the
> +.Nm
> +daemon assumes that the credential cache file is called
> /tmp/krb5cc_<uid>,
> +where <uid> is the effective uid for the RPC caller.
> +.It Fl c Ar file-substring
> +Set a file-substring for the credential cache file names.
> +Only files with this substring embedded in their names will be
> +selected as candidates when the
> +.Fl s
> +has been specified.
> 
> 
> 
> This grammar seems a bit fishy ("when the -s has been specified");
> "when -s has been specified" or
> "when a search directory has been specified with -s" would probably be
> better.
> 
Sure.

> 
> +If not specified, it defaults to "krb5cc_".
> +.It Fl r Ar preferred-realm
> +Set a preferred Kerberos realm for the search of the directory list
> for
> 
> 
> 
> "Directory list" sounds like there are multiple directories involved,
> perhaps
> "directory listing" is better?
> 
It can be a list, for example: "/tmp:/var/tmp". Personally, I thought
having a list was overkill, but during the email discussion with the people
that reported the problem, it was felt that a list might be needed (and
the Linux gssd does take a list of directories).

However, it probably isn't clear that the preferred realm applies to
the principal names in the credential cache file entries being examined.

> 
> +a credentials cache file.
> +When set, files with TGT credentials for this realm will be selected
> over
> +other credential files.
> +This option is only meaningful when the
> +.Fl s
> +option has been specified.
> 
> 
> 
> There is something of a movement among the doc types to remove
> "redundant" words,
> making this "when -s has been specified", but others (some quite
> senior) do not approve
> of this "useless churn". Might not be worth changing now, but for new
> content, something
> to consider.
> 
> 
> Let me know if I should make the patch.
> 
Sure, if you'd like to. Otherwise, I'll try and come up with a fixup.

Thanks for pointing this out, rick

> 
> -Ben Kaduk



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1683112038.1560744.1356270750582.JavaMail.root>