kafs-client (recent strangeness of with add_key)

Bill MacAllister bill at ca-zephyr.org
Sun Nov 27 16:59:05 PST 2022


Spencer,

Thanks for pushing this forward.  I have had my command line changes
pending forever and never sent them upstream to David.  I will be more
timely for a while because we are approaching the Debian bookworm freeze
and I would really like to see these changes make it into the release.

To this end I would like to pick up on Spencer's work, work in Jeff's
suggestions, and have David accept the changes upstream.  I certainly
am not interested in making extra work for anyone and will gladly
accept suggestions on the best way to do this.

Oh, and if someone else has time or wants to do this work that would
make a lot of sense.  I am not much of a C programmer.  My proposals
here are with respect to the command line parsing only.  The other
changes that Jeff discussed will need someone besides me to address
them.

On 2022-11-21 08:15, Jeffrey E Altman wrote:
> Hello Spencer,
> 
> The change "remove -d (debug) option and improve -v (verbose) option"
> should in my opinion be inverted in order to improve compatibility
> with the OpenAFS aklog:

I am pretty sure the introduction of "-v" is due to my initial change
to the switch processing.  My change was prompted by my desire to use
aklog-kafs with k5start.  k5start expects the aklog program to have
output only on failures.

But, I see that Spencer has expanded verbose to allow the specification
of -v multiple times and get additional output.  Certainly a reasonable
and useful expansion.

> Usage: aklog [-d] [[-cell | -c] cell [-k krb_realm]] [[-p | -path] pathname]
>     [-zsubs] [-hosts] [-noauth] [-noprdb] [-force] [-setpag]
>     [-linked] [-insecure_des] [-524]
> 
> The various pam implementations that call an external aklog assume the
> OpenAFS command line interface.  Enabling verbose output is performed
> by specifying "-d".
> 
> I agree that there is little benefit to separate "-d" and "-v" options
> but I believe "-v" should be removed or that they should be synonyms.

I propose we drop "-v" altogether and just make "-d" display all of the
output that "-vvv" is currently displaying.  I understand the desire to
add levels of verbosity, but in this case I don't think the small amount
of additional output is an impediment to understanding.

I also propose following Jeff's suggestion to implement support for all
of the OpenAFS aklog switches and ignoring the ones that kafs does not
support.  For switches that we do ignore we should add some output
indicating that we are ignoring the switch if "-d" is specified.

The one sticking point that I see is that OpenAFS wants "-c" to specify
the cell and currently kafs-client takes that as argument number 1.  I
propose that the cell be accepted either way to make sure we don't break
any existing uses.

Now, some Debian specific packaging building issues.  I am not a Debian
developer and I ask Russ Allbery to upload packages for me.  I use gbp
(git buildpackage) to build the packages that I maintain, and I am not
familiar with other package building methodologies.  Because of that I
was not able to build a Debian package from Spencer's debian branch.
In that branch it would be great to add some documentation on how to
build the packages.

I did test the changes that Spencer has made by creating a tarball from
the master branch, downloading the Debian source package from the
current release, using "gbp import-dsc", and then using "gbp buildpackage"
to build the packages.  That is how I will end up handing the package off
to Russ when we get there.  Well, maybe, he might just want the upstream
source.

Bill

-- 
"What can be asserted without evidence can also be dismissed without
evidence."
Christopher Hitchens
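
An added example, not part of the original message and not kafs-client code: a C sketch of the command-line handling proposed above, where "-d" is the only verbosity switch, the cell is accepted through "-c"/"-cell" or as the first positional argument, and the other OpenAFS aklog switches are accepted and ignored with a note when "-d" is set. Assumptions: all struct and function names are hypothetical, and every switch other than "-d", "-c"/"-cell" and "-k" is treated as unsupported.

```c
#include <stdio.h>
#include <string.h>

/* Added sketch; every name here is hypothetical, not kafs-client code. */
struct aklog_opts {
    int debug;                /* -d was given */
    const char *cell, *realm; /* -c/-cell or first positional; -k */
    int ignored;              /* OpenAFS switches accepted but not acted on */
};

/* From the OpenAFS usage text quoted in the message. Assumption: this
 * sketch treats all of these as unsupported (-p/-path also eats a value). */
static const char *const ignored_flags[] = { "-p", "-path", "-zsubs",
    "-hosts", "-noauth", "-noprdb", "-force", "-setpag", "-linked",
    "-insecure_des", "-524", NULL };

/* Returns 0 on success, -1 on a usage error. */
int parse_aklog_args(int argc, char **argv, struct aklog_opts *o)
{
    int i, j;
    memset(o, 0, sizeof(*o));
    for (i = 1; i < argc; i++)      /* pre-scan: -d may appear anywhere */
        if (strcmp(argv[i], "-d") == 0)
            o->debug = 1;
    for (i = 1; i < argc; i++) {
        const char *a = argv[i];
        int is_cell = !strcmp(a, "-c") || !strcmp(a, "-cell");
        int has_val = is_cell || !strcmp(a, "-k") || !strcmp(a, "-p") ||
                      !strcmp(a, "-path");
        if (has_val && ++i >= argc)
            return -1;              /* switch is missing its value */
        if (is_cell || a[0] != '-') {
            if (o->cell)
                return -1;          /* cell given twice */
            o->cell = argv[i];
        } else if (!strcmp(a, "-k")) {
            o->realm = argv[i];
        } else if (strcmp(a, "-d") != 0) {
            for (j = 0; ignored_flags[j] && strcmp(a, ignored_flags[j]); j++)
                ;
            if (!ignored_flags[j])
                return -1;          /* unknown switch, including -v */
            o->ignored++;
            if (o->debug)
                fprintf(stderr, "aklog: ignoring switch %s\n", a);
        }
    }
    return 0;
}
```

Rejecting unknown switches instead of silently skipping them keeps a mistyped option from being mistaken for a cell name; the ignore notes go to stderr only under "-d", so a wrapper that expects output only on failure sees nothing on success.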


