Difference between revisions of "Projects/Improve GSSAPI mechanism configuration"
(→Commits) |
|||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | {{project- |
+ | {{project-rel|1.13}} |
| − | {{project-target|1.13}} |
||
==Requirements and scope== |
==Requirements and scope== |
||
| − | The GSSAPI mechglue allows the installation of additional mechanisms |
+ | The GSSAPI mechglue allows the installation of additional mechanisms. These mechanisms are currently sourced from the file /etc/gss/mech at library load time. |
| − | In order to improve management of additional mechanism as separate packages for distributions it would be easier if |
+ | In order to improve management of additional mechanism as separate packages for distributions, it would be easier if each package could drop a configuration fragment in a separate file to activate a new installed plugin instead of changing a single configuration file. |
==Design== |
==Design== |
||
| − | A new directory owned by the GSSAPI library is created in /etc/gss/mech.d |
+ | A new directory owned by the GSSAPI library is created in /etc/gss/mech.d. In this directory, packages can drop configuration fragments that use the exact same configuration format of the current /etc/gss/mech file. |
| − | In this directory packages can drop configuration fragments that use the exact same configuration format of the current /etc/gss/mech file. |
||
| − | After the main /etc/gss/mech file has been parsed, any file in this directory is opened and parsed to find additional mechanisms to load. |
+ | After the main /etc/gss/mech file has been parsed, any file in this directory with a name ending in ".conf" is opened and parsed to find additional mechanisms to load. |
| + | |||
| + | ==Testing== |
||
| + | |||
| + | Because there is no way to change the path to /etc/gss/mech or /etc/gss/mech.d, the automated test suite cannot test this feature. |
||
| + | |||
| + | ==Documentation== |
||
| + | |||
| + | host_config.rst and gssapi.rst will be updated to document /etc/gss/mech.d. |
||
| + | |||
| + | ==Commits== |
||
| + | |||
| + | 123c14fd8862ee8f11f6084d25958cb380655f35 Remove dead code from the mechglue initialization |
||
| + | 05cbef80d53f49d30a5d0563501226dc173734d4 Load mechglue config files from /etc/gss/mech.d |
||
| + | 406f273e373014edc0ec31995dc82d6b7a5d73f8 Document /etc/gss/mech.d/*.conf |
||
| + | |||
| + | Finished in {{bug|7782}}. |
||
| + | |||
| + | ==Release notes== |
||
| + | |||
| + | Administrator experience: |
||
| + | |||
| + | * Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf files in addition to /etc/gss/mech. |
||
Latest revision as of 12:57, 12 August 2014
Requirements and scope
The GSSAPI mechglue allows the installation of additional mechanisms. These mechanisms are currently sourced from the file /etc/gss/mech at library load time.
In order to improve management of additional mechanism as separate packages for distributions, it would be easier if each package could drop a configuration fragment in a separate file to activate a new installed plugin instead of changing a single configuration file.
Design
A new directory owned by the GSSAPI library is created in /etc/gss/mech.d. In this directory, packages can drop configuration fragments that use the exact same configuration format of the current /etc/gss/mech file.
After the main /etc/gss/mech file has been parsed, any file in this directory with a name ending in ".conf" is opened and parsed to find additional mechanisms to load.
Testing
Because there is no way to change the path to /etc/gss/mech or /etc/gss/mech.d, the automated test suite cannot test this feature.
Documentation
host_config.rst and gssapi.rst will be updated to document /etc/gss/mech.d.
Commits
123c14fd8862ee8f11f6084d25958cb380655f35 Remove dead code from the mechglue initialization 05cbef80d53f49d30a5d0563501226dc173734d4 Load mechglue config files from /etc/gss/mech.d 406f273e373014edc0ec31995dc82d6b7a5d73f8 Document /etc/gss/mech.d/*.conf
Finished in [krbdev.mit.edu #7782].
Release notes
Administrator experience:
- Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf files in addition to /etc/gss/mech.
