logo_kerberos.gif

Difference between revisions of "Projects/Improve GSSAPI mechanism configuration"

From K5Wiki
Jump to: navigation, search
m (spell 'each' correctly)
Line 1: Line 1:
{{project-early}}
+
{{project-rel|1.13}}
{{project-target|1.13}}
 
   
 
==Requirements and scope==
 
==Requirements and scope==
   
The GSSAPI mechglue allows the installation of additional mechanisms, these mechanisms are currently sourced from the file /etc/gss/mech at library load time.
+
The GSSAPI mechglue allows the installation of additional mechanisms. These mechanisms are currently sourced from the file /etc/gss/mech at library load time.
   
In order to improve management of additional mechanism as separate packages for distributions it would be easier if each package could drop a configuration fragment in a separate file to activate a new installed plugin instead of changing a signle configuration file.
+
In order to improve management of additional mechanism as separate packages for distributions, it would be easier if each package could drop a configuration fragment in a separate file to activate a new installed plugin instead of changing a single configuration file.
   
 
==Design==
 
==Design==
   
A new directory owned by the GSSAPI library is created in /etc/gss/mech.d
+
A new directory owned by the GSSAPI library is created in /etc/gss/mech.d. In this directory, packages can drop configuration fragments that use the exact same configuration format of the current /etc/gss/mech file.
In this directory packages can drop configuration fragments that use the exact same configuration format of the current /etc/gss/mech file.
 
   
After the main /etc/gss/mech file has been parsed, any file in this directory is opened and parsed to find additional mechanisms to load.
+
After the main /etc/gss/mech file has been parsed, any file in this directory with a name ending in ".conf" is opened and parsed to find additional mechanisms to load.
  +
  +
==Testing==
  +
  +
Because there is no way to change the path to /etc/gss/mech or /etc/gss/mech.d, the automated test suite cannot test this feature.
  +
  +
==Documentation==
  +
  +
host_config.rst and gssapi.rst will be updated to document /etc/gss/mech.d.
  +
  +
==Release notes==
  +
  +
Administrator experience:
  +
  +
* Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf files in addition to /etc/gss/mech.

Revision as of 12:35, 12 August 2014

This project was completed in release 1.13.


Requirements and scope

The GSSAPI mechglue allows the installation of additional mechanisms. These mechanisms are currently sourced from the file /etc/gss/mech at library load time.

In order to improve management of additional mechanism as separate packages for distributions, it would be easier if each package could drop a configuration fragment in a separate file to activate a new installed plugin instead of changing a single configuration file.

Design

A new directory owned by the GSSAPI library is created in /etc/gss/mech.d. In this directory, packages can drop configuration fragments that use the exact same configuration format of the current /etc/gss/mech file.

After the main /etc/gss/mech file has been parsed, any file in this directory with a name ending in ".conf" is opened and parsed to find additional mechanisms to load.

Testing

Because there is no way to change the path to /etc/gss/mech or /etc/gss/mech.d, the automated test suite cannot test this feature.

Documentation

host_config.rst and gssapi.rst will be updated to document /etc/gss/mech.d.

Release notes

Administrator experience:

  • Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf files in addition to /etc/gss/mech.