Hi. I took a look at this in preparation for the 1.14.2 update.
Unfortunately, I can't really do what you ask and ship kadm5.acl as a
conffile.
to be a conffile, in the usual case, the file needs to not be modified
from what the package ships.
However, by default we currently ship a version
23.03.2016, 03:57, Sam Hartman kirjoitti:
> Policy says that one package can't mess with another package's
> configuration. That is, it's not really OK from a policy POV for
> anything besides krb5 to mess with the configuration files for krb5.
> However, you can of course coordinate other
Policy says that one package can't mess with another package's
configuration. That is, it's not really OK from a policy POV for
anything besides krb5 to mess with the configuration files for krb5.
However, you can of course coordinate other things.
I can dig up specific citations if you'd like.
23.03.2016, 01:10, Sam Hartman kirjoitti:
> Not really.
> The acl is clearly not a conffile, because there is no default that is
> correct for a majority of sites.
> So, it's not appropriate to ship in a package, but instead should be
> created by a postinst somewhere.
> (I've been planning to get
Not really.
The acl is clearly not a conffile, because there is no default that is
correct for a majority of sites.
So, it's not appropriate to ship in a package, but instead should be
created by a postinst somewhere.
(I've been planning to get rid of krb5_newrealm and move realm setup
into
Package: krb5-admin-server
Severity: normal
Hi
I'm packaging freeipa, which does it's own thing when configuring
krb5kdc among other things. That means that when everything is set up
it's missing kadm5.acl since freeipa doesn't use krb5_newrealm. Could it
just be shipped in /etc/krb5kdc
6 matches
Mail list logo