/etc/sasl

Russ Allbery rra at debian.org
Mon Jan 14 23:53:26 UTC 2008


Fabian Fagerholm <fabbe at paniq.net> writes:
> On Fri, 2008-01-11 at 23:40 +0100, Patrick Ben Koetter wrote:

>> IIRC RedHat already ships RHEL 5.1 with /etc/sasl2. We'll see how this
>> ends.  Having configuration in /usr/lib/sasl2, /usr/lib64/sasl2 (I've
>> seen that too) or /var/lib/sasl2 (Mandriva?) or associated with an
>> applications configuration directory is IMHO not the way any UNIX
>> system leaning towards FHS should do it.

>> I personally think /etc/sasl is a good place.
>
> /etc/sasl2 would be more symmetrical with the other sasl* commands and
> files. I think Ross' idea of creating the directory and placing a README
> file in it is not bad at all.
>
> We could then encourage other package maintainers to place default SASL
> configuration files for their programs in that directory.
>
> Opinions?

Currently, OpenLDAP puts its SASL configuration in /etc/ldap, which from
the OpenLDAP perspective also makes sense.  I personally think of SASL
configuration as more of an application configuration than a system-wide
configuration thing.  In other words, it doesn't feel like PAM as much as
it feels like the internals of the particular application.  This is helped
along by SASL's support for configuration hooks so that an application can
embed the SASL configuration directly inside its own normal configuration
mechanism.

It seems like the argument for putting all the SASL configuration in a
central directory would be if multiple packages were sharing the same
configuration (similar to PAM's common-auth files).  Is that the situation
that we expect?

(Regardless, I agree that /usr/lib/sasl2 is a bad location for any
configuration files of any kind, and in my ideal world the Debian packages
wouldn't look there at all.)

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>



More information about the Pkg-cyrus-sasl2-debian-devel mailing list