>There is a huge difference between the two cases: > > * users execute aklog every day. therefore it is crucial from a > support perspective that there be a single command that works for > everyone regardless of which Kerberos is installed.
"eh". I'm not sure I agree with that; at our site, users don't run aklog directly, something else runs it for them. I could switch to another command and I doubt anyone would notice. I know, not everyone is in this boat. But in hindsight, I doubt the Heimdal aklog was worth it just for consistency's sake (at least it wasn't worth it for me). It's not like the pooch hasn't been completely screwed regarding aklog support anyway, regardless of porting it to Heimdal. > * AFS administrators execute 'asetkey' not users and they don't do it > every day. There is still a documentation and support issue which > is why I believe that 'asetkey' must be built and installed even when > Heimdal is the Kerberos implementation. However, I don't think that > 'asetkey' must actually be able to set the key when Heimdal is used. > Instead, printing an error message indicating that the appropriate > Heimdal command should be executed instead is just fine. Of course, using this logic I could have simply saved myself a lot of pain and made the Heimdal aklog a shell script which did "exec afslog". :-/ That means I could have double-forked aklog .... which is of course one of my lifelong dreams. --Ken _______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
