On Tue, Jan 31, 2017 at 10:57:33AM +0100, Mike Bonnet wrote: > > == Scope == > > * Proposal owners: > > SSSD developers will implement a KCM server. The krb5-libs package > > will then switch its default from KEYRING to KCM. The libkrb5 package > > will require the sssd-kcm subpackage and enable its socket so that the > > KCM server is socket activated when needed. Please note that the KCM > > server only listens on a local UNIX socket, not over the network. > > I'm concerned about a low-level library package like krb5-libs depending on > a higher-level package like sssd-ksm, and possible dependency cycles it > could create. Also, updating the default config in krb5-libs won't update > people who have edited their krb5.conf. > > Could the same thing be accomplished by having sssd-ksm drop the required > config into /etc/krb5.conf.d/, installing sssd-ksm via Workstation comps, > and skipping the package-level dependencies entirely? Yes, probably. Honestly, I'm not sure which of the two is preferable to Fedora. Shipping a configuration snippet with sssd-kcm that defaults to KCM as the credential cache type is what I wanted to do for F-25 so that users who are interested in testing this feature on a stable distribution could just 'dnf install sssd-kcm'. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
