Dan Anderson wrote:
> I would like to move away from the old-fashioned Solaris world of packages
> editing configuration files (or even hiding it as a one-shot action in some
> SMF file).
>
> Linux-style Configuration Directories
> I would like to move toward the current practice done with Linux, where
> instead of editing configuration files, a package drops a file in the
> configuration directory. For example, adding a POP server causes file "pop"
> to be added to directory /etc/xinetd.d/. A parallel for KCF/PKCS11 would be
> to create directories /etc/crypto/kcf.conf.d/ and /etc/crypto/pkcs11.conf.d/
> and each package, instead of trying to edit kcf.conf/pkcs11.conf (in any
> manner, pre- or post-install or initial boot), would drop a file in one of
> these directories.
>
> At parse time, instead of just reading /etc/crypto/kcf.conf (or pkcs11.conf),
> the parser would concatenate the contents of /etc/crypto/kcf.conf and
> /etc/crypto/kcf.conf.d/* and parse the whole thing (same for pkcs11.conf and
> pkcs11.conf.d)

That doesn't help fix all the problems that the i.pkcs11conf and i.kcfconf
scripts fix. That only helps with the simple case of a whole new provider.
It doesn't help with changes to an existing provider. It also completely
changes the way that we would need to store per provider policy.

I've looked at exactly this for /etc/pam.conf vs /etc/pam.d/ and it will
help for some subset of what i.pamconf does but not all of it.

--
Darren J Moffat
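
A sketch of the concatenate-and-parse idea from the quoted proposal, added here as an illustration (not code from either poster or from Solaris). It assumes a simplified `provider:policy` line format and made-up file and provider names, and shows the case raised in the reply: a drop-in for a brand-new provider merges cleanly, while a drop-in that touches an existing provider is reported as a conflict instead of being applied.

```python
import os
import tempfile

def load_merged(main_conf, dropin_dir):
    """Parse main_conf, then dropin_dir/* in sorted order.

    Returns (entries, conflicts): entries maps provider -> (policy, file name);
    conflicts lists (provider, first file, later file) for every redefinition.
    Assumed format: one 'provider:policy' entry per line, '#' for comments.
    """
    paths = [main_conf]
    if os.path.isdir(dropin_dir):
        paths += sorted(os.path.join(dropin_dir, n) for n in os.listdir(dropin_dir))
    entries, conflicts = {}, []
    for path in paths:
        name = os.path.basename(path)
        with open(path) as fh:
            for raw in fh:
                line = raw.strip()
                if not line or line.startswith("#"):
                    continue
                provider, _, policy = line.partition(":")
                if provider in entries:
                    # A second entry for the same provider is a policy change,
                    # not an addition: keep the first and report it.
                    conflicts.append((provider, entries[provider][1], name))
                    continue
                entries[provider] = (policy, name)
    return entries, conflicts

def demo():
    """Build a constructed config tree in a temp dir and merge it."""
    with tempfile.TemporaryDirectory() as root:
        main = os.path.join(root, "kcf.conf")
        dropins = os.path.join(root, "kcf.conf.d")
        os.mkdir(dropins)
        files = {  # constructed sample content, hypothetical provider names
            main: "# base file\ndes:supportedlist=CKM_DES_ECB,CKM_DES_CBC\n",
            os.path.join(dropins, "newprov"): "newprov:supportedlist=CKM_AES_CBC\n",
            os.path.join(dropins, "des-update"): "des:supportedlist=CKM_DES_ECB\n",
        }
        for path, text in files.items():
            with open(path, "w") as fh:
                fh.write(text)
        return load_merged(main, dropins)

if __name__ == "__main__":
    merged, clashes = demo()
    print(merged)
    print(clashes)
```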
