Return-Path: X-Original-To: apmail-directory-kerby-archive@minotaur.apache.org Delivered-To: apmail-directory-kerby-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 33C7B18699 for ; Fri, 20 Nov 2015 09:09:37 +0000 (UTC) Received: (qmail 1093 invoked by uid 500); 20 Nov 2015 09:09:37 -0000 Delivered-To: apmail-directory-kerby-archive@directory.apache.org Received: (qmail 1063 invoked by uid 500); 20 Nov 2015 09:09:37 -0000 Mailing-List: contact kerby-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: kerby@directory.apache.org Delivered-To: mailing list kerby@directory.apache.org Received: (qmail 1051 invoked by uid 99); 20 Nov 2015 09:09:36 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Nov 2015 09:09:36 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 422F9180A2A for ; Fri, 20 Nov 2015 09:09:36 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.121 X-Spam-Level: X-Spam-Status: No, score=-0.121 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-west.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id jOx-mDk8RXK6 for ; Fri, 20 Nov 2015 09:09:35 +0000 (UTC) Received: from mail-pa0-f42.google.com (mail-pa0-f42.google.com [209.85.220.42]) by mx1-us-west.apache.org (ASF Mail Server at mx1-us-west.apache.org) with ESMTPS id 6DC9020225 for ; Fri, 20 Nov 2015 09:09:35 +0000 (UTC) Received: by pabfh17 with SMTP id fh17so114487229pab.0 for ; Fri, 20 Nov 2015 01:09:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=/XcRMDupweNrbsJvD03IrJvLaVG7Du0iypDM/drw7Nk=; b=Tm/FmzSPu76Kmh/bwGHm+YsjmLPUVpmzhlggfrZbV9W/gKbluJ7Mb/gnyrEwqdIfQe T7/5QEhdB0MBOZFWjxIcPh8XdtGtyGyNvY62k//XWgrdOct9pdEyPV4PP8nFOVvZ4rRW A0hxsZl64pGHcUgscQB+gwaEfESuPrN3G2uWB/7qPTq9np1sUsdP73srCFzeZ3TcI0Vf 2+9okmGE17509T+u2sdy9SmoVd3JOF2ZLrhc8Cr+4M4ozUsXNnK7MB6iNbJBnwoVYddM N8d0GN7ZUcqxxUNgojk5XQbvIs2bvwjPkfF6EWBVwFBwC0UVC4Z1z4kUrIyBl+84fGUL tdPQ== X-Received: by 10.68.135.199 with SMTP id pu7mr17550750pbb.98.1448010569213; Fri, 20 Nov 2015 01:09:29 -0800 (PST) Received: from [192.168.1.29] (AMontsouris-651-1-155-192.w82-123.abo.wanadoo.fr. [82.123.46.192]) by smtp.googlemail.com with ESMTPSA id c79sm319681pfj.71.2015.11.20.01.09.28 for (version=TLSv1/SSLv3 cipher=OTHER); Fri, 20 Nov 2015 01:09:28 -0800 (PST) Subject: Re: Categorize KrbOption by adding group info To: kerby@directory.apache.org References: <8D5F7E3237B3ED47B84CF187BB17B66611CC8733@SHSMSX152.ccr.corp.intel.com> <564EDACE.2080204@gmail.com> <8D5F7E3237B3ED47B84CF187BB17B66611CC8E2B@SHSMSX152.ccr.corp.intel.com> From: =?UTF-8?Q?Emmanuel_L=c3=a9charny?= Message-ID: <564EE344.3070801@gmail.com> Date: Fri, 20 Nov 2015 10:09:24 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 MIME-Version: 1.0 In-Reply-To: <8D5F7E3237B3ED47B84CF187BB17B66611CC8E2B@SHSMSX152.ccr.corp.intel.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Le 20/11/15 10:03, Zheng, Kai a écrit : >>> I'm not sure I see the point of having one gigantic Enum gathering all the possible flags that we can set on any different kerberos element. > Ok, got your point. Yeah, KrbOption is becoming big, including all kinds of options from frontended mechanism (PKINIT, TOKEN ...), tools (KINIT, Kadmin), and so on. That may be basically because KrbOption(s) accompany with KrbClient and KrbClient is full of all the client side APIs. The centralized APIs may be easier to users to look for and use. > >>> that would make it more complex for coders to know where everything is coming from and will disconnect the implementation from the RFC, making it harder to understand for new comers that have the RFC in front of them. > Agree. We should definitely improve this. For now we can add meaningful comments for each group/set of options. Further refactoring and improvement are expected given more thinking and ideas. Will keep this in mind. Note that it's juts my opinion. I just find it easier to stick to the RFC, instead of doing it 'à la Microsoft' (ie, redefining everything...)