On Wed, 2008-12-17 at 12:46 +0100, Mark Phalan wrote:
> On Tue, 2008-12-16 at 14:49 -0600, Will Fiveash wrote:
> > On Mon, Dec 15, 2008 at 03:01:01PM -0700, Shawn Emery wrote:
> > > Mark Phalan wrote:
> > > >
> > > > So, "-f" or "-y" ?
> > > >
> > >
> > > My vote is to use the -f option to specify a force of the destruction of
> > > the database w/o prompting, while documenting the flag. I think it is
> > > important to remain consistent with other implementations.
> >
> > Ditto.
> >
>
> Ok. Sounds like there is general agreement that '-f' is the way to go.
> I'll get a PSARC fast-track going.

How does this look? Do I need to talk about interface stability at all?

-M

ABSTRACT
--------
This proposal adds support for an option to kdb5_util(1M) which allows a
Kerberos policy and principal database to be destroyed without an
interactive prompt for confirmation and adds a new global option to
specify a stash file. This is useful when scripting kdb5_util(1M). After
the changes outlined below are made, kdb5_util will have better
command-line compatibility with MIT Kerberos' kdb5_util.
BACKGROUND
----------
MIT's kdb5_util uses the "-f" option for the "destroy" sub-command to
indicate that the Kerberos policy and principal database should be
destroyed without user interaction. It uses the "-sf" option as a global
option to specify a stash file. Solaris's kdb5_util has no way to
specify that the database should be destroyed non-interactively and uses
the "-f" option as a global option to specify a stash-file (-sf is also
implemented but not documented).
Both the functionality provided by the option to non-interactively
destroy a Kerberos database and the compatibility with MIT Kerberos are
important for Solaris Kerberos.
PROPOSAL
--------
- New global CLI argument to indicate stash file - "-sf".
- Change current meaning of "-f" to indicate non-interactive
destroy.
Patch binding is requested to allow these options to be backported to
S10. However, there are no current plans to do so at this time.
Example:

To non-interactively destroy a Kerberos database:

    # kdb5_util destroy -f
    ** Database '/var/krb5/principal' destroyed.
    #

DOCUMENTATION
-------------
--- kdb5_util.orig Fri Jan 2 14:05:53 2009
+++ kdb5_util.new Fri Jan 2 14:19:50 2009
@@ -9,7 +9,7 @@
kdb5_util - Kerberos Database maintenance utility
SYNOPSIS
- /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name]
+ /usr/sbin/kdb5_util [-d dbname] [-sf stashfile_name]
[-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm]
[-x db_args]... cmd
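Review bot: The SYNOPSIS drops the global "-f stashfile_name" form without saying what an existing invocation of that form does after this change. Scripts written against the old page pass -f before cmd with a file name as its argument, so the page should state whether that form is now rejected with a usage error or still accepted. A sentence in the options section or a NOTES entry would cover it. Separately, the unchanged "[-m ]" on the following line has a stray space inside the brackets that could be cleaned up while this block is being touched.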
@@ -31,7 +31,7 @@
name is /var/krb5/principal.
- -f stashfile_name
+ -sf stashfile_name
Specify the stash file name. You can specify an absolute
path.
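Review bot: The "-sf stashfile_name" entry gives no hint that this option was spelled -f on earlier releases, so an administrator comparing an old script against the new page has nothing to connect the two. Suggest adding one sentence here naming the previous spelling. Since the BACKGROUND text says -sf is already implemented but undocumented, the entry could also say that -sf is accepted by existing releases, which lets scripts move to -sf ahead of the change to -f.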
@@ -142,21 +142,22 @@
Creates the database specified by the -d option. You
will be prompted for the database master password.
If you specify -s, a stash file is created as speci-
- fied by the -f option. If you did not specify -f,
+ fied by the -sf option. If you did not specify -sf,
the default stash file name is /var/krb5/.k5.realm.
- If you use the -f, -k, or -M options when you create
+ If you use the -sf, -k, or -M options when you create
a database, then you must use the same options when
modifying or destroying the database.
- destroy
+ destroy [-f]
- Destroys the database specified by the -d option.
+ Destroys the database specified by the -d option. With
+ the -f argument, does not prompt the user.
stash
- Creates a stash file. If -f was not specified, the
+ Creates a stash file. If -sf was not specified, the
default stash file name is /var/krb5/.k5.realm. You
will be prompted for the master database password.
This command is useful when you want to generate the
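Review bot: In the destroy entry, "With the -f argument, does not prompt the user" never says what the prompt is, so the default behaviour (asking for confirmation before the database is destroyed) is only implied. Suggest "By default you are prompted to confirm. With the -f option, the database is destroyed without prompting." The rest of the page says "option" ("the -d option", "the -sf option"), so "-f argument" should be "-f option" for consistency. Because the paragraph above still requires the same -sf, -k, or -M options on destroy as on create, it is also worth stating explicitly that -f is only recognised after the destroy sub-command, so that it is not confused with the old global stash file option.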