In MIT Kerberos 1.0.6 "-f" was used as a global option for kdb5_util to indicate the location of a stash file. Releases after that (1.2.0 +) changed this option to "-sf" and added a new option to the "destroy" sub-command - "-f". Solaris Kerberos has maintained the original meaning of "-f" so as to be backwards compatible. I thought to change that and submitted PSARC case 2009/038. A PSARC member brought up the backwards compatibility issue for S10. The case is now on hold waiting for an update.

I think the best way forward is to introduce a new single-letter option for "kdb5_util destroy" which will have the same meaning as "destroy -f" does for MIT Kerberos. That way backwards compatibility will be maintained. I'd like to see MIT also adopt the new option if possible.

I had a look around to see what other Kerberos utils use for "do-without-prompting":

kadmin
  - "delprinc -force"
  - "delpol -force"
kdb5_ldap_util
  - "destroy -f"

"-force" could work for "kdb5_util destroy" - it would be similar to kadmin and intuitively is very similar to "-f". Unfortunately it would probably require more code change than a single-letter option (due to use of getopt in kdb5_destroy.c) and wouldn't be CLIP compliant.

If we went with a single-letter option one of the following might be suitable:

  -F
  -y
  -n

Any thoughts? I'm leaning towards "-y". Whatever we choose I'd like to bring it to MIT to see if they'll also support it so at least going forward there will be more compatibility.

-M