This information is Copyright 2009 Sun Microsystems
1. Introduction
1.1. Project/Component Working Name:
non-interactive destroy for kdb5_util
1.2. Name of Document Author/Supplier:
Author: Mark Phalan
1.3 Date of This Document:
20 January, 2009
4. Technical Description
Project: Non-interactive destroy for kdb5_util
Submitter: Mark Phalan
Binding: Patch
ABSTRACT
--------
This proposal adds an option to kdb5_util(1M) that allows a
Kerberos policy and principal database to be destroyed without an
interactive prompt for confirmation, and adds a new global option to
specify a stash file. This is useful when scripting kdb5_util(1M). After
the changes outlined below are made, kdb5_util will have better
command-line compatibility with MIT Kerberos' kdb5_util.
BACKGROUND
----------
MIT's kdb5_util uses the "-f" option for the "destroy" sub-command to
indicate that the Kerberos policy and principal database should be
destroyed without user interaction. It uses the "-sf" option as a global
option to specify a stash file. Solaris's kdb5_util has no way to
specify that the database should be destroyed non-interactively and uses
the "-f" option as a global option to specify a stash file ("-sf" is also
implemented but not documented).
Both the functionality provided by the option to non-interactively
destroy a Kerberos database and the compatibility with MIT Kerberos are
important for Solaris Kerberos.
PROPOSAL
--------
- New global CLI argument to indicate stash file - "-sf".
- Change current meaning of "-f" to indicate non-interactive
destroy.
Patch binding is requested to allow these options to be backported to
S10. However, there are no plans to do so at this time.
Example:
To non-interactively destroy a Kerberos database
# kdb5_util destroy -f
** Database '/var/krb5/principal' destroyed.
#
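After this change an existing script can contain "-f" in two different roles. As an added example (not part of the proposal or of the kdb5_util sources), the shell lint below flags kdb5_util calls where "-f" appears before the sub-command (the old Solaris stash file usage, to be changed to "-sf") and calls that use "destroy -f". The function names and the sample script are constructed for illustration; how the updated binary treats a global "-f" is not stated here, so the lint only reports such calls for review.

```shell
# Classify the arguments of one kdb5_util call (everything after the command name).
# Prints: legacy-stash-f | force-destroy | interactive-destroy | other
classify_kdb5_util() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f) echo legacy-stash-f; return 0 ;;   # -f before the sub-command: old stash file option
            -d|-sf|-k|-M|-P|-r|-x)                 # global options that take a value (per SYNOPSIS)
                if [ $# -ge 2 ]; then shift 2; else shift; fi ;;
            -*) shift ;;                           # -m and any other flag without a value
            *)  break ;;                           # first non-option word is the sub-command
        esac
    done
    [ "${1:-}" = destroy ] || { echo other; return 0; }
    shift
    for arg in "$@"; do
        if [ "$arg" = -f ]; then echo force-destroy; return 0; fi
    done
    echo interactive-destroy
}

# Read script text on stdin; print "LINE:verdict" for every call that needs review.
# Assumption: one call per line, arguments separated by plain whitespace.
audit_kdb5_util() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        set -f; set -- $line; set +f               # split on whitespace, no globbing
        case "${1:-}" in
            kdb5_util|*/kdb5_util) shift ;;
            *) continue ;;
        esac
        verdict=$(classify_kdb5_util "$@")
        case "$verdict" in
            legacy-stash-f|force-destroy) echo "$n:$verdict" ;;
        esac
    done
}

# Constructed sample script (not from the proposal).
sample_script() {
    cat <<'EOF'
#!/bin/sh
kdb5_util -f /var/krb5/.k5.EXAMPLE.COM -r EXAMPLE.COM destroy
/usr/sbin/kdb5_util -r EXAMPLE.COM destroy -f
kdb5_util -sf /var/krb5/.k5.EXAMPLE.COM destroy
kdb5_util -r EXAMPLE.COM create -s
EOF
}
sample_script | audit_kdb5_util
```

Lines reported as legacy-stash-f need their "-f" changed to "-sf"; lines reported as force-destroy run without a confirmation prompt and deserve a second look at what guards them.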
DOCUMENTATION
-------------
--- kdb5_util.orig Fri Jan 2 14:05:53 2009
+++ kdb5_util.new Fri Jan 2 14:19:50 2009
@@ -9,7 +9,7 @@
kdb5_util - Kerberos Database maintenance utility
SYNOPSIS
- /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name]
+ /usr/sbin/kdb5_util [-d dbname] [-sf stashfile_name]
[-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm]
[-x db_args]... cmd
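Review bot: in the SYNOPSIS context line directly below the changed line, `[-m ]` has a stray space before the closing bracket. Since this block is being edited anyway, tidy it to `[-m]` so it matches the other option entries.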
@@ -31,7 +31,7 @@
name is /var/krb5/principal.
- -f stashfile_name
+ -sf stashfile_name
Specify the stash file name. You can specify an absolute
path.
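Review bot: the `-sf stashfile_name` entry gives no hint that this option was spelled `-f` before the change. Because the same page now documents `-f` under destroy with a different meaning, add a sentence to this entry, for example "In earlier releases this option was spelled -f", so that someone reading an older script can tell which meaning applies.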
@@ -142,21 +142,22 @@
Creates the database specified by the -d option. You
will be prompted for the database master password.
If you specify -s, a stash file is created as speci-
- fied by the -f option. If you did not specify -f,
+ fied by the -sf option. If you did not specify -sf,
the default stash file name is /var/krb5/.k5.realm.
- If you use the -f, -k, or -M options when you create
+ If you use the -sf, -k, or -M options when you create
a database, then you must use the same options when
modifying or destroying the database.
- destroy
+ destroy [-f]
- Destroys the database specified by the -d option.
+ Destroys the database specified by the -d option. With
+ the -f argument, does not prompt the user.
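Review bot: the new sentence "With the -f argument, does not prompt the user" under `destroy [-f]` does not say which prompt is skipped or where `-f` has to appear. Suggest wording along the lines of "With the -f argument, the database is destroyed without prompting for confirmation", and state that `-f` follows the destroy sub-command, since the paragraph just above still tells readers to repeat the `-sf`, `-k` or `-M` options when destroying and `-f` used to sit in that global position.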
6. Resources and Schedule
6.4. Steering Committee requested information
6.4.1. Consolidation C-team Name:
ON
6.5. ARC review type: FastTrack
6.6. ARC Exposure: open