Re: Heimdal Bugs re update-alternatives
On 10/02/2025 at 18:59, Russ Allbery wrote:
> It's unfortunate that the commands have the same names in both Kerberos
> distributions, although it's understandable from a user UI perspective.
> I don't have a good solution. Either using alternatives or not using
> alternatives runs some risk of breaking things. I think I'd lean towards
> using alternatives for kadmin because I think anyone installing both
> kadmin client packages probably knows what they're doing and can cope, but
> technically it is a policy violation because the two commands do not
> implement the same interface.
You might use alternatives with 3 implementations:
a) one for Heimdal
b) one for MIT Kerberos
c) one with a script that automatically calls Heimdal or MIT Kerberos if only one of them is available
but that fails if both are installed (or none)
In the latter case (both installed), you might wish to add a way (envvar, config, extra parameter, etc.) to let the user choose an implementation instead of failing.
a and b would recommend c (which would have a higher priority in the alternatives system)
With such a setup, installing only one implementation would be transparent (same behavior as before, kadmin referring to the only installed implementation).
This can be achieved with c installed or not.
But with both installed (unusual but want-to-be-supported setup), with the default setup (i.e. recommended packages installed), the user has to explicitly choose their implementation,
either by calling the right binary directly (other name or in another path), or by configuring the new script to run the explicitly chosen version.
An admin would also be able to use the alternatives system to choose (system-wide) the default kadmin implementation (with c installed or not).
Regards
Vincent
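
The dispatcher proposed as option (c) above, sketched as an added example that is not part of the original message or of any Debian package. The paths `/usr/bin/kadmin.heimdal` and `/usr/bin/kadmin.mit`, the `kadmin.auto` name and the `KADMIN_IMPL` variable are assumptions made for illustration; the script refuses to guess when both implementations are present, so an administrative command never silently runs against the wrong Kerberos distribution.

```shell
#!/bin/sh
# Dispatcher sketch for option (c). The paths, the kadmin.auto name and
# KADMIN_IMPL are assumptions of this example, not taken from any package.
HEIMDAL_KADMIN=${HEIMDAL_KADMIN:-/usr/bin/kadmin.heimdal}
MIT_KADMIN=${MIT_KADMIN:-/usr/bin/kadmin.mit}

# select_kadmin HEIMDAL_PATH MIT_PATH: print the binary to run.
# Returns 1 if neither is installed, 2 if both are installed and no choice
# was made, 3 if KADMIN_IMPL is unknown or names a missing implementation.
select_kadmin() {
    heimdal=$1; mit=$2; have_h=0; have_m=0
    if [ -x "$heimdal" ]; then have_h=1; fi
    if [ -x "$mit" ]; then have_m=1; fi
    case ${KADMIN_IMPL:-} in
        heimdal) choice=$heimdal; have=$have_h ;;
        mit)     choice=$mit; have=$have_m ;;
        '')      choice='' ;;
        *)  echo "kadmin: unknown KADMIN_IMPL '$KADMIN_IMPL'" >&2; return 3 ;;
    esac
    if [ -n "$choice" ]; then
        if [ "$have" -eq 1 ]; then printf '%s\n' "$choice"; return 0; fi
        echo "kadmin: KADMIN_IMPL=$KADMIN_IMPL but $choice is missing" >&2
        return 3
    fi
    case $have_h$have_m in
        10) printf '%s\n' "$heimdal" ;;
        01) printf '%s\n' "$mit" ;;
        11) echo "kadmin: Heimdal and MIT both installed; set" \
                 "KADMIN_IMPL=heimdal|mit or call the binary directly" >&2
            return 2 ;;
        00) echo "kadmin: no kadmin implementation installed" >&2
            return 1 ;;
    esac
}

# Dispatch only when invoked under the dispatcher's name, so sourcing this
# file elsewhere has no side effects.
case ${0##*/} in
    kadmin|kadmin.auto)
        bin=$(select_kadmin "$HEIMDAL_KADMIN" "$MIT_KADMIN") || exit $?
        exec "$bin" "$@" ;;
esac
```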