[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Major changes to Heimdal in Heimdal 0.3e-5

Brian May <bam@debian.org> writes:

> >>>>> "Mikael" == Mikael Andersson <mikan@mikan.net> writes:
> 
> I don't think libdes is such a big problem anymore. I think only
> kerberos4kth uses it.

It's possible. But if I remember it right it confuse some programs wish
supports both krb4(kth), krb5 (heimdal) and ssl such as cyrus imap. 

>     Mikael> yet. Then we can compile the heimdal packege with krb4
>     Mikael> support and don't need to fix another heimdalkrb4
>     Mikael> package(s). For the people using heimdal and don't want
>     Mikael> the krb4 support, is easy to disable (kdc --no-kerberos4,
>     Mikael> and don't create any srvtab for the services). As an
>     Mikael> effect of this we will also get an libsasl-modules-nonus
>     Mikael> containing support for Kerberos.
> 
> You overlook the requirement that if Kerberos V4 support is built into
> Heimdal, then Heimdal will depend of kerberos4kth.

Just some parts of the kerberos4kth packages. 
/usr/lib/libkadm.so.1.0.7
/usr/lib/libkdb.so.1.0.7
/usr/lib/libkrb.so.1.0.7

(and 1 or 2 symlinks for each) 

I don't think that a big problem, if the kerberos4kth-lib package is split
in two part, one with the files required to for heimdal and an other for
the files wich conflicts with heimdal. Or splitting according to the same
strategy as the new heimdal package. It will be depending on
libkadm-kthkrb4
libkdb-kthkrb4
libkrb-kthkrb4 
and these will recommend a package containing the krb4 conf files but not
containing theme and confuse the krb5 only users with krb4 stuff. 

> I think rather then enabling Kerberos V4 by default, it should be made
> as easy as possible for users to compile their own version of Heimdal
> with krb4 support.

If it was only heimdal it's ok (I have already done that a lot), but you
also need to recompile sasl and other packeges. 

> This saves problems having to have manage a krb4 set of Heimdal
> packages and a non-krb4 set of packages in Debian.

If multiple packages is the only matter we can always have one packages
with heimdal and krb4 support :-)

> The major inconvenience is currently libcom_err, libss, and libsl.
> Ideally Debian should only have one version of these libraries.
> 
> IIRC, this is the only reason I have set heimdal-lib to conflict with
> kerberos4kth.

Last time I spoke with assar about that he prefered the version from the
heimdal over the krb4 (at that point the heimdal version was a bit newer,
but I think they are from the same cvs tree). 
And now (if I remember it right) you have split out this libs into separate
packages, so only the packages containing these libs will conflict with
kerberos4kth? 

> I tried to get Heimdal to use libcom_err from e2fsprogs, but got stuck
> as the version included in e2fsprogs is old, and doesn't have some of
> the new kth extensions.
> 
> A better solution would be to make everything use libcom_err*-heimdal
> (in which case I would rename it to libcom_err*) <grin>.

I agree about that, and I think that the kthkrb4 will be happy with it (you
could name it libcom_err*-kth instead :-), but I don't agree that the
heimdal packages without krb4 support is better that one with it. 

Sincerly
Mikael
Reply to: