help-shishi
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: shishi.skel somewhat large

From: Elrond
Subject: Re: shishi.skel somewhat large
Date: Wed, 31 May 2006 19:01:01 +0200
User-agent: Mutt/1.5.9i 
On Wed, May 31, 2006 at 04:06:13PM +0200, Simon Josefsson wrote:
> Elrond <address@hidden> writes:
> 
> > Apropos Debian packaging (or at least, what ends up on my
> > box ;) ):
> >
> > Why is shishi.skel so big, when there is
> > /etc/shishi/shishi.conf with mostly the same contents?
> 
> One is per-system and the other is per-user...  I'd thought it would
> be good to document all options in both files, but I agree it is a bit
> redundant.

That's why I suggested the reference to the system config.
Something on the lines of:

        For further information on these and other options, see
        - /etc/shishi/shishi.conf
        - shishi.conf(5)


> > My idea would be for a very small shishi.skel:
> > - Short header with reference to system shishi.conf with
> >   path
> > - most useful/used options with only short explanation.
> 
> This sounds better.
> 
> How about removing read-krb5conf, default-realm, realm-kdc,
> server-realm, kdc-timeout, kdc-retries from shishi.skel?

Not only removing those, but stripping the description for
the remaining down to one or two lines.


[...]
> > - default-realm
> > - realm-kdc
> > - server-realm
> 
> It seems these really should be in the system config, I see few uses
> for normal users to ever frob those values.

Right.

Maybe the default-realm?
(Is it used anywhere except for the default-principal?)

Like "I work on this remote realm all day".


> They would still be able
> to do so, but there would be no comments in the file to help them.

Right.


> Conversely, I do think these are useful to configure per-user:
> 
> client-kdc-etypes

I don't have much contact to people using kerberos (and
knowing they do), so I can't tell, if joe average user
knows anything about etypes. I would doubt it.

So the compiled in (or system default) should be a
reasonable set, that works 99% of the time, IMHO.


> ticket-life
> renew-life

Those might make sense, right.
People might really know, that they only need reduced life
times (for security reasons).


> verbose*
[...]

Do they have any point except debugging?


    Elrond
reply via email to
[Prev in Thread] Current Thread [Next in Thread]