From owner-svn-src-head@FreeBSD.ORG Sun Dec 23 13:52:34 2012 Return-Path: Delivered-To: svn-src-head@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 512B11E2; Sun, 23 Dec 2012 13:52:34 +0000 (UTC) (envelope-from rmacklem@uoguelph.ca) Received: from esa-jnhn.mail.uoguelph.ca (esa-jnhn.mail.uoguelph.ca [131.104.91.44]) by mx1.freebsd.org (Postfix) with ESMTP id AC3A28FC12; Sun, 23 Dec 2012 13:52:33 +0000 (UTC) X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Ap8EAAAL11CDaFvO/2dsb2JhbABEhjq3ZXOCHgEBBSNWGw4GBAICDRkCWQYTiBMMokyRaIEiizULgyWBEwOIYo0qgRyPLIMSgU81 X-IronPort-AV: E=Sophos;i="4.84,341,1355115600"; d="scan'208";a="6214811" Received: from erie.cs.uoguelph.ca (HELO zcs3.mail.uoguelph.ca) ([131.104.91.206]) by esa-jnhn.mail.uoguelph.ca with ESMTP; 23 Dec 2012 08:52:30 -0500 Received: from zcs3.mail.uoguelph.ca (localhost.localdomain [127.0.0.1]) by zcs3.mail.uoguelph.ca (Postfix) with ESMTP id 9C242B3F0B; Sun, 23 Dec 2012 08:52:30 -0500 (EST) Date: Sun, 23 Dec 2012 08:52:30 -0500 (EST) From: Rick Macklem To: Benjamin Kaduk Message-ID: <1683112038.1560744.1356270750582.JavaMail.root@erie.cs.uoguelph.ca> In-Reply-To: Subject: Re: svn commit: r244605 - head/usr.sbin/gssd MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Originating-IP: [172.17.91.203] X-Mailer: Zimbra 6.0.10_GA_2692 (ZimbraWebClient - FF3.0 (Win)/6.0.10_GA_2692) Cc: svn-src-head@freebsd.org, Rick Macklem , svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Dec 2012 13:52:34 -0000 Benjamin Kaduk wrote: > Hi Rick, > > > Thanks for all this -- it's good stuff to have. > > > On Sat, Dec 22, 2012 at 6:34 PM, Rick Macklem < rmacklem@freebsd.org > > wrote: > > > Author: rmacklem > Date: Sat Dec 22 23:34:28 2012 > New Revision: 244605 > URL: http://svnweb.freebsd.org/changeset/base/244605 > > Log: > Document the new gssd daemon options added by r244604. > This is a content change. > > MFC after: 2 weeks > > Modified: > head/usr.sbin/gssd/gssd.8 > > Modified: head/usr.sbin/gssd/gssd.8 > ============================================================================== > --- head/usr.sbin/gssd/gssd.8 Sat Dec 22 23:21:17 2012 (r244604) > +++ head/usr.sbin/gssd/gssd.8 Sat Dec 22 23:34:28 2012 (r244605) > @@ -46,6 +49,29 @@ Run in debug mode. > In this mode, > .Nm > will not fork when it starts. > +.It Fl s Ar dir-list > +Look for an appropriate credential cache file in this list of > directories. > +The list should be full pathnames from root, separated by ':' > characters. > +Usually this list will simply be "/tmp". > +Without this option, the > +.Nm > +daemon assumes that the credential cache file is called > /tmp/krb5cc_, > +where is the effective uid for the RPC caller. > +.It Fl c Ar file-substring > +Set a file-substring for the credential cache file names. > +Only files with this substring embedded in their names will be > +selected as candidates when the > +.Fl s > +has been specified. > > > > This grammar seems a bit fishy ("when the -s has been specified"); > "when -s has been specified" or > "when a search directory has been specified with -s" would probably be > better. > Sure. > > +If not specified, it defaults to "krb5cc_". > +.It Fl r Ar preferred-realm > +Set a preferred Kerberos realm for the search of the directory list > for > > > > "Directory list" sounds like there are multiple directories involved, > perhaps > "directory listing" is better? > It can be a list, for example: "/tmp:/var/tmp". Personally, I thought having a list was overkill, but during the email discussion with the people that reported the problem, it was felt that a list might be needed (and the Linux gssd does take a list of directories). However, it probably isn't clear that the preferred realm applies to the principal names in the credential cache file entries being examined. > > +a credentials cache file. > +When set, files with TGT credentials for this realm will be selected > over > +other credential files. > +This option is only meaningful when the > +.Fl s > +option has been specified. > > > > There is something of a movement among the doc types to remove > "redundant" words, > making this "when -s has been specified", but others (some quite > senior) do not approve > of this "useless churn". Might not be worth changing now, but for new > content, something > to consider. > > > Let me know if I should make the patch. > Sure, if you'd like to. Otherwise, I'll try and come up with a fixup. Thanks for pointing this out, rick > > -Ben Kaduk