Patrick Matthäi <patrick.matth...@web.de> writes:
> No it does not have to lost the local modified settings. An usual way
> is to get (with some shell magic) in your .config script the actual
> values of the local (maybe modified) configuration file and displaying
> them as default in debconf.
That code is indeed already partly in place, but isn't sufficient.
However, my statement of the problem was wrong, as that code does preserve
the default realm even if the user has changed it, so the confusion is my
fault. I fixated on the default realm, since it's the most obvious thing,
forgetting that it had already been dealt with. The problem is really
with the KDCs for the local realm, not with the local realm setting
itself.
Please ignore my previous problem summary.
The problem I think is this: If your debconf response was that you were
not using DNS for your default realm, the postinst script, after
determining your default realm isn't already present in the krb5.conf,
will prompt you for the KDCs for that realm to add them to krb5.conf. If
you changed to using DNS for your default realm later (so that your
debconf answer is now incorrect) and also removed the KDCs from your
krb5.conf, upgrades of the package will ask you for the KDCs again to
re-add them.
There's no indication in krb5.conf whether you're using DNS or not, since
Kerberos automatically falls back on SRV records to locate the KDC, so
there's no way for the package to determine from krb5.conf itself that its
understanding of whether the default KDCs need to be in the krb5.conf file
has changed.
Now that I look at this further, I suspect the best solution here is to
just never run the code that adds your local realm to krb5.conf except on
initial package installation *or* if you just changed the local realm, via
debconf, to something that doesn't match the local realm currently in
krb5.conf. I'm not quite sure the best way to accomplish that yet, but it
seems tractable. Maybe just set a flag in postinst if we really changed
the default realm, and then don't do realm configuration unless that flag
is set?
A tentative patch is included below so that people can see what I'm
considering.
However, I may still have the problem wrong. For some reason, I keep
having a lot of difficulty wrapping my mind around the interactions
between configuration files and debconf (this isn't the first time
Bastian's had to correct me), and I keep making the same mistakes. :/
So please do tell me if I still have this wrong. Sooner or later I'll get
past the mental block.
diff --git a/debian/krb5-config.postinst b/debian/krb5-config.postinst
index ec94283..f3cf00d 100755
--- a/debian/krb5-config.postinst
+++ b/debian/krb5-config.postinst
@@ -41,11 +41,15 @@ if ($ARGV[0] eq 'configure' || $ARGV[0] eq 'reconfigure') {
# if the default realm is mentioned in the realms section to know if we
# need to add it later.
my $defrealm_in_conf = 0;
+ my $changed_defrealm = 0;
while (<CONF>) {
if (/^\s*\[libdefaults\]/i ... /^\s*\[(?!libdefaults)/i) {
next if /^\s*[\#;]/;
- if ($defrealm) {
- s/default_realm(\s*)=(.*)$/default_realm$1= $defrealm/i;
+ if ($defrealm && /\bdefault_realm\s*=\s*(\S+)/) {
+ if ($1 ne $defrealm) {
+ $changed_defrealm = 1;
+ s/default_realm(\s*)=(.*)$/default_realm$1= $defrealm/i;
+ }
}
if ($fix_etypes) {
s/^\s*default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
des-cbc-md5/\#$&/;
@@ -66,7 +70,7 @@ if ($ARGV[0] eq 'configure' || $ARGV[0] eq 'reconfigure') {
or die "Unable to rename file: $!, stopped";
my $usedns = get ("krb5-config/dns_for_default");
realm_config: {
- if (($usedns eq 'false') && $defrealm && (!$defrealm_in_conf)) {
+ if (($usedns eq 'false') && $changed_defrealm && (!$defrealm_in_conf))
{
subst ('krb5-config/kerberos_servers', 'realm', $defrealm);
input ('high', 'krb5-config/kerberos_servers');
go();
--
Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
