Krb5: handle [plugins] subsection #663
Conversation
|
ping? |
|
A quick test on the Fermi config has this working for some of our plugin plans. I'd love to see this merged. |
| { "disable" = "k5identity" } | ||
| } | ||
| { "pwqual" | ||
| { "module" = "mymodule:/path/to/mymodule.so" } |
There was a problem hiding this comment.
Would this be easier to work with as a deeper tree where module is a seq with mymodule = /path/to/mymodule.so so folks who need to easily switch from /usr/lib to /usr/lib64 for a specific module can target more directly?
There was a problem hiding this comment.
I'm not sure how seq would help in the case you mentioned, since you can use the following expressions to find your node:
/files/etc/krb5.conf/plugins/*/module[. =~ regexp(".*/mymodule2.*")]/files/etc/krb5.conf/plugins/*/module[. =~ regexp("mymodule:.*")]
There was a problem hiding this comment.
I'd avoid seq as much as possible when it's not necessary to use it. Imo seq is only useful when several consecutive nodes have the same label and you want to make sure they don't exchange indent/spaces when one of them is removed.
| module = mypreauth:/path/to/mypreauth.so | ||
| } | ||
| ccselect = { | ||
| disable = k5identity |
There was a problem hiding this comment.
disable and enable_only might need to be a seq as it can be specified multiple times https://web.mit.edu/kerberos/krb5-1.18/doc/admin/host_config.html
|
@jcpunk (replying here about both your notes wrt
|
|
Good call, I think all that makes sense. |
No description provided.