Re: Currrent plan with kerberos, package divisions and compilation options

To: debian-devel@lists.debian.org
Subject: Re: Currrent plan with kerberos, package divisions and compilation options
From: gsstark@mit.edu (Gregory S. Stark)
Date: 15 Mar 1998 10:19:20 -0500
Message-id: <[🔎] ycqwwdw0yo7.fsf@portC34.Generation.NET>
In-reply-to: shields@crosslink.net's message of "14 Mar 1998 19:38:41 +0000"
References: <[🔎] ycqd8fpuwzc.fsf@mit.edu> <[🔎] g6btv96p8j.fsf@daedalus.crosslink.net>

The main reason I posted this list was to avoid overlaps with other packages. 
So, is everyone sure there is no other kftp, klogin, kmovemail etc.?

I'm thinking of optionally diverting the regular clients and services. I don't
think this would be the only package to do so though. Is that ok?

shields@crosslink.net (Michael Shields) writes:
> In article <[🔎] ycqd8fpuwzc.fsf@mit.edu>,
> gsstark@mit.edu (Gregory S. Stark) wrote:
> > kerberos4-user:
> >   /usr/bin/kinit
> >   /usr/bin/kdestroy
> >   /usr/bin/klist
> >   /usr/bin/kpasswd
> >   /usr/bin/kauth
> >   /usr/bin/zrefresh 
> > 
> > kerberos4-clients:
> >   /usr/bin/rsh
> >   /usr/bin/rcp
> >   /usr/bin/rlogin
> >   /usr/bin/ftp
> >   /usr/bin/telnet
> >   /usr/sbin/movemail
> >   /usr/bin/des
> >   /usr/bin/login
> >   /usr/bin/su

I've moved login and su to services, that way services has all the programs
that change administrative policy, and clients just has programs that allow
you to access other machines running kerberized services.

> I'm not sure why you would install kerberos4-user without
> kerberos4-clients.  Why not fold -user into -clients?

For the reason's Todd Graham Lewis said. Especially since clients contains
programs that replace normal programs -- even if I install with a prefix I
plan to ask the user at configure time if he wants to override the normal
clients (with diversions).

> > kerberos4-services:
> > kerberos4-server:
> 
> I'd suggest "kerberos4-servers" and "kerberos4-kdc" respectively.
> kerberos4-servers matches nicely with kerberos4-clients, and
> kerberos4-kdc makes it unambiguous that you probably don't need it.

I want to avoid the potential confusion that kerberos4-servers contained the
kdc. I did change the server package to kerberos4-kdc, but kept "services".

> > kerberos4-admin:
> >   /usr/bin/kadmin
> >   /usr/sbin/ksrvutil
> >   /usr/sbin/kadmind
> >   /usr/bin/ksrvtgt
> >   /usr/bin/kstring2key
> 
> I think these should be elsewhere -- kadmin in kerberos4-user, kadmind
> in kerberos4-kdc.  I'm not sure what the others are (I use MIT K5).

Yeah, the original idea was to not install libkadm or libkdb unless they were
needed. But libkadm turned out to be needed by kpasswd. I gave up and moved
these programs to -user except for kadmind which goes in -kdc. ksrvtgt and
ksrvutil are used on machines running kerberized services; they handle srvtabs
(ticket files for machines).

greg

--
E-mail the word "unsubscribe" to debian-devel-request@lists.debian.org
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? E-mail to listmaster@lists.debian.org

Reply to:

References:
- Currrent plan with kerberos, package divisions and compilation options
  - From: gsstark@mit.edu (Gregory S. Stark)
- Re: Currrent plan with kerberos, package divisions and compilation options
  - From: shields@crosslink.net (Michael Shields)

Prev by Date: Re: nsswitch.conf uses incorrect methods for passwd, group and shadow
Next by Date: Re: PPPD: New ip-{up,down} script handling
Previous by thread: Re: Currrent plan with kerberos, package divisions and compilation options
Next by thread: Re: Currrent plan with kerberos, package divisions and compilation options
Index(es):
- Date
- Thread