Wyllys Ingersoll wrote: > Template Version: @(#)sac_nextcase %I% %G% SMI > This information is Copyright 2009 Sun Microsystems > 1. Introduction > 1.1. Project/Component Working Name: > non-interactive destroy for kdb5_util > 1.2. Name of Document Author/Supplier: > Author: Mark Phalan > 1.3 Date of This Document: > 20 January, 2009 > 4. Technical Description > > Project: Non-interactive destroy for kdb5_util > Submitter: Mark Phalan > Binding: Patch > > ABSTRACT > -------- > > This proposal adds support for an option to kdb5_util(1M) which allows a > Kerberos policy and principal database to be destroyed without an > interactive prompt for confirmation and adds a new global option to > specify a stash file. This is useful when scripting kdb5_util(1M). After > the changes outlined below are made kdb5_util will have better > command-line compatibility with MIT Kerberos' kdb5_util. > > > BACKGROUND > ---------- > > MIT's kdb5_util uses the "-f" option for the "destroy" sub-command to > indicate that the Kerberos policy and principal database should be > destroyed without user interaction. It uses the "-sf" option as a global > option to specify a stash file. Solaris's kdb5_util has no way to > specify that the database should be destroyed non-interactively and uses > the "-f" option as a global option to specify a stash-file (-sf is also > implemented but not documented). > Both the functionality provided by the option to non-interactively > destroy a Kerberos database and the compatibility with MIT Kerberos are > important for Solaris Kerberos. > > > PROPOSAL > -------- > > - New global CLI argument to indicate stash file - "-sf". > - Change current meaning of "-f" to indicate non-interactive > destroy. > > > Patch binding is requested to allow these options to be backported to > S10. However there are no current plans to do so at this time.
You have an interface change that I don't believe is backwards compatible yet you are requesting patch binding. Please justify why this change in meaning for 'destroy -f' will be acceptable and won't cause problems. > SYNOPSIS > - /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name] > + /usr/sbin/kdb5_util [-d dbname] [-sf stashfile_name] > [-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm] > [-x db_args]... cmd I very very very stronly disagree with this synopsis change. The use of a two letter option name is not acceptable and is against the CLIP guidelines. However if this is what MIT Kerberos uses and kdb5_util is otherwise compatible CLI syntax with the MIT version then I grudgingly hold my nose and let this go. However please communicate to the upstream community that a single dash with multiple option letters after it is undesireable as it is confusing to many users, eg is '-sf' one option or is it equivalent to '-s -f'. -- Darren J Moffat
