On Wed, 2009-01-21 at 13:10 +0100, Mark Phalan wrote: > On Wed, 2009-01-21 at 10:36 +0000, Darren J Moffat wrote: > > Wyllys Ingersoll wrote: > > > Template Version: @(#)sac_nextcase %I% %G% SMI > > > This information is Copyright 2009 Sun Microsystems > > > 1. Introduction > > > 1.1. Project/Component Working Name: > > > non-interactive destroy for kdb5_util > > > 1.2. Name of Document Author/Supplier: > > > Author: Mark Phalan > > > 1.3 Date of This Document: > > > 20 January, 2009 > > > 4. Technical Description > > > > > > Project: Non-interactive destroy for kdb5_util > > > Submitter: Mark Phalan > > > Binding: Patch > > > > > > ABSTRACT > > > -------- > > > > > > This proposal adds support for an option to kdb5_util(1M) which allows a > > > Kerberos policy and principal database to be destroyed without an > > > interactive prompt for confirmation and adds a new global option to > > > specify a stash file. This is useful when scripting kdb5_util(1M). After > > > the changes outlined below are made kdb5_util will have better > > > command-line compatibility with MIT Kerberos' kdb5_util. > > > > > > > > > BACKGROUND > > > ---------- > > > > > > MIT's kdb5_util uses the "-f" option for the "destroy" sub-command to > > > indicate that the Kerberos policy and principal database should be > > > destroyed without user interaction. It uses the "-sf" option as a global > > > option to specify a stash file. Solaris's kdb5_util has no way to > > > specify that the database should be destroyed non-interactively and uses > > > the "-f" option as a global option to specify a stash-file (-sf is also > > > implemented but not documented). > > > Both the functionality provided by the option to non-interactively > > > destroy a Kerberos database and the compatibility with MIT Kerberos are > > > important for Solaris Kerberos. > > > > > > > > > PROPOSAL > > > -------- > > > > > > - New global CLI argument to indicate stash file - "-sf". > > > - Change current meaning of "-f" to indicate non-interactive > > > destroy. > > > > > > > > > Patch binding is requested to allow these options to be backported to > > > S10. However there are no current plans to do so at this time. > > > > You have an interface change that I don't believe is backwards > > compatible yet you are requesting patch binding. Please justify why > > this change in meaning for 'destroy -f' will be acceptable and won't > > cause problems. > > Let me discuss this with the rest of the i-team. We may drop the patch > binding request.
After some discussions we've decided that the best way forward is to replace the proposed "-f" option with an alternative which will be backwards compatible with S10. The plan is to discuss this with MIT. I'll send an update to this PSARC case once that has been finalized. -M
