On Wed, 2009-01-21 at 10:36 +0000, Darren J Moffat wrote:
> Wyllys Ingersoll wrote:
> > Template Version: @(#)sac_nextcase %I% %G% SMI
> > This information is Copyright 2009 Sun Microsystems
> > 1. Introduction
> >     1.1. Project/Component Working Name:
> >          non-interactive destroy for kdb5_util
> >     1.2. Name of Document Author/Supplier:
> >          Author: Mark Phalan
> >     1.3  Date of This Document:
> >          20 January, 2009
> > 4. Technical Description
> >
> > Project: Non-interactive destroy for kdb5_util
> > Submitter: Mark Phalan
> > Binding: Patch
> >
> > ABSTRACT
> > --------
> >
> > This proposal adds support for an option to kdb5_util(1M) which allows a
> > Kerberos policy and principal database to be destroyed without an
> > interactive prompt for confirmation and adds a new global option to
> > specify a stash file. This is useful when scripting kdb5_util(1M). After
> > the changes outlined below are made kdb5_util will have better
> > command-line compatibility with MIT Kerberos' kdb5_util.
> >
> >
> > BACKGROUND
> > ----------
> >
> > MIT's kdb5_util uses the "-f" option for the "destroy" sub-command to
> > indicate that the Kerberos policy and principal database should be
> > destroyed without user interaction. It uses the "-sf" option as a global
> > option to specify a stash file. Solaris's kdb5_util has no way to
> > specify that the database should be destroyed non-interactively and uses
> > the "-f" option as a global option to specify a stash-file (-sf is also
> > implemented but not documented).
> > Both the functionality provided by the option to non-interactively
> > destroy a Kerberos database and the compatibility with MIT Kerberos are
> > important for Solaris Kerberos.
> >
> >
> > PROPOSAL
> > --------
> >
> > - New global CLI argument to indicate stash file - "-sf".
> > - Change current meaning of "-f" to indicate non-interactive
> >   destroy.
> >
> >
> > Patch binding is requested to allow these options to be backported to
> > S10.
> > However there are no current plans to do so at this time.
>
> You have an interface change that I don't believe is backwards
> compatible yet you are requesting patch binding. Please justify why
> this change in meaning for 'destroy -f' will be acceptable and won't
> cause problems.

Let me discuss this with the rest of the i-team. We may drop the patch
binding request.

>
> > SYNOPSIS
> > - /usr/sbin/kdb5_util [-d dbname] [-f stashfile_name]
> > + /usr/sbin/kdb5_util [-d dbname] [-sf stashfile_name]
> > [-k mkeytype] [-m ] [-M mkeyname] [-P password] [-r realm]
> > [-x db_args]... cmd
>
> I very very very strongly disagree with this synopsis change.
>
> The use of a two letter option name is not acceptable and is against the
> CLIP guidelines.
>

Unfortunately kdb5_util has supported two letter (and greater) options
for a long time. For e.g.

kdb5_util dump -old
kdb5_util dump -ov
...

> However if this is what MIT Kerberos uses and kdb5_util is otherwise
> compatible CLI syntax with the MIT version then I grudgingly hold my
> nose and let this go.

This is what MIT uses and compatibility is certainly a goal.

> However please communicate to the upstream
> community that a single dash with multiple option letters after it is
> undesirable as it is confusing to many users, eg is '-sf' one option or
> is it equivalent to '-s -f'.

I agree it is confusing and will try to work with the upstream community
to ensure that these sorts of interfaces don't appear in the future.

Thanks,
-M
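
Review bot: In the SYNOPSIS hunk the `-` line removes the documented global `[-f stashfile_name]` and the `+` line documents only `[-sf stashfile_name]`, so the new man page would no longer tell a reader that `-f` before the sub-command used to name the stash file. Suggest a NOTES entry (or listing the old form as obsolete) stating that the stash-file `-f` was replaced by `-sf`, and showing `destroy [-f]` in the sub-command synopsis so the new non-interactive meaning is documented next to the change.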
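
The backward-compatibility concern raised in this thread, as an added example that is not part of the original messages or of Solaris or MIT Kerberos code: a small Python audit that flags `-f` in its current Solaris global stash-file position and `-f` after `destroy`, which the proposal makes non-interactive. The option list comes from the quoted SYNOPSIS; the function names, finding labels and sample script are assumptions made for the illustration.

```python
import os
import shlex

# Global options that consume the following word, per the SYNOPSIS quoted in
# the thread (-f is the current Solaris stash-file option, -sf the proposed one).
TAKES_ARG = {"-d", "-f", "-sf", "-k", "-M", "-P", "-r", "-x"}

def audit_invocation(command_line):
    """Classify the uses of -f in one kdb5_util command line."""
    try:
        argv = shlex.split(command_line, comments=True)
    except ValueError:          # unbalanced quotes: not a line we can judge
        return []
    names = [os.path.basename(a) for a in argv]
    if "kdb5_util" not in names:
        return []
    i = names.index("kdb5_util") + 1
    findings = []
    # Global options run up to the first word that is not an option: the cmd.
    while i < len(argv) and argv[i].startswith("-"):
        if argv[i] == "-f":
            findings.append("LEGACY_GLOBAL_F")     # stash file today; rewrite as -sf
        i += 2 if argv[i] in TAKES_ARG else 1      # skip option values, even "-f"
    cmd, cmd_args = (argv[i], argv[i + 1:]) if i < len(argv) else (None, [])
    if cmd == "destroy" and "-f" in cmd_args:
        findings.append("DESTROY_NO_PROMPT")       # proposed: no confirmation
    return findings

def audit_script(text):
    """Map 1-based line numbers to findings for every flagged line."""
    report = {}
    for lineno, line in enumerate(text.splitlines(), start=1):
        found = audit_invocation(line)
        if found:
            report[lineno] = found
    return report

# Constructed sample script; realm and paths are made up for illustration.
SAMPLE = """\
kdb5_util -r EXAMPLE.COM -f /var/krb5/.k5.EXAMPLE.COM destroy
kdb5_util -r EXAMPLE.COM -sf /var/krb5/.k5.EXAMPLE.COM destroy -f
kdb5_util -d /var/krb5/principal dump -ov /tmp/kdb.dump
kdb5_util -P -f destroy
"""

if __name__ == "__main__":
    for lineno, found in audit_script(SAMPLE).items():
        print(lineno, found)
```

The last sample line is not flagged because `-f` there is the value of `-P`, which is why the walk skips option arguments instead of searching for the string `-f`.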
