diff options
| author | Greg Hudson <ghudson@mit.edu> | 2024-04-15 18:47:27 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2024-04-20 13:48:47 -0400 |
| commit | f951625e6bd3ff44f1056958b56e35a1a043e362 (patch) | |
| tree | b36904a55d672a5b826ea92d1614115e4b8fe946 /doc/admin | |
| parent | fc54edd1dc047aedb211beaa544c5e000fbdb7a6 (diff) | |
| download | krb5-f951625e6bd3ff44f1056958b56e35a1a043e362.zip krb5-f951625e6bd3ff44f1056958b56e35a1a043e362.tar.gz krb5-f951625e6bd3ff44f1056958b56e35a1a043e362.tar.bz2 | |
Improve profile final flag support
When parsing a file, ignore sections appearing after a final-flagged
section of the same name. Adjust the meaning of group_level in the
parser state so that it is 1 inside of top-level sections instead of
0, and simplify the addition of top-level sections to the tree by
relying on profile_add_node()'s section merging.
Make the final flag work for relations as well as sections. Check it
while parsing via a new check_final parameter in profile_add_node(),
and during iteration.
Output final flags for relations in dump_profile(). Make the final
flag available to it via a new output parameter in
profile_find_node_relation().
ticket: 9120
Diffstat (limited to 'doc/admin')
| -rw-r--r-- | doc/admin/conf_files/krb5_conf.rst | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/doc/admin/conf_files/krb5_conf.rst b/doc/admin/conf_files/krb5_conf.rst index 1b92170..ab73a69 100644 --- a/doc/admin/conf_files/krb5_conf.rst +++ b/doc/admin/conf_files/krb5_conf.rst @@ -35,12 +35,6 @@ or:: baz = quux } -Placing a '\*' after the closing bracket of a section name indicates -that the section is *final*, meaning that if the same section appears -within a later file specified in **KRB5_CONFIG**, it will be ignored. -A subsection can be marked as final by placing a '\*' after either the -tag name or the closing brace. - The krb5.conf file can include other files using either of the following directives at the beginning of a line:: @@ -58,6 +52,16 @@ section header. Starting in release 1.17, files are read in alphanumeric order; in previous releases, they may be read in any order. +Placing a '\*' after the closing bracket of a section name indicates +that the section is *final*, meaning that if the same section appears +again later, it will be ignored. A subsection can be marked as final +by placing a '\*' after either the tag name or the closing brace. A +relation can be marked as final by placing a '\*' after the tag name. +Prior to release 1.22, only sections and subsections can be marked as +final, and the flag only causes values to be ignored if they appear in +later files specified in **KRB5_CONFIG**, not if they appear later +within the same file or an included file. + The krb5.conf file can specify that configuration should be obtained from a loadable module, rather than the file itself, using the following directive at the beginning of a line before any section |