ITP Heimdal (Kerberos 5)
Hello All,
Heimdal is a free implementation of Kerberos that is not affected by
US export restrictions. While it is still under active development, it
seems to be mostly usable.
I have packaged a peliminary version of it. It still has a number
of faults (the first one is the most urgent, the second one
is one I would rather ignore ;-), the rest are minor and
should be easy to fix):
this list will act as a list to remind me what still needs
to be done.
- not sure about splitting of packages. Currently I have:
heimdal-clients - contains all clients, including ftp, telnet.
heimdal-servers - contains all servers except KDC.
eg telnetd, ftpd, popper (supports Maildir).
servers are in /usr/libexec.
also contains /usr/bin/login - not sure yet what
to do with the two different versions of login...
telnetd uses /usr/bin/login, debian uses /bin/login.
There is no real conflict between the two versions.
heimdal-kdc - server for KDC
heimdal-docs - documenentation
heimdal-dev - development files for library
heimdal-lib - base libraries
heimdal-x11 - client and server programs for X11.
In particular, I am not sure I like heimdal-x11, which contains
both servers and clients. Should I split this up into two?
Perhaps heimdal-x11-clients and heimdal-x11-servers?
Or would heimdal-clients-x11 and heimdal-servers-x11 be better?
- probably breaks every debian policy ever written. I don't
particularly want to check it with lintian right now ;-)
Is /usr/libexec allowed? Is /var/heimdal allowed?
- not sure what section I should put the /etc/inetd.conf entries
in. Currently I have used "KRB5" which just causes them to be
put under "OTHER". I stole the {post,pre}{inst,rm} code
from talkd, so hopefully it is Ok...
- autoconfiguration from debconf results isn't yet implemented.
Actually, this autoconfiguration will be minimal, and wont try to
setup server keys, etc. I think these jobs are best left for the
system administrator. I sent a message to debian-mentors about how to
get debconf data into a configuration file, in such a way that local
user changes wont get wiped. I am still waiting for a response...
- version (0.2h) is out of date, as new upstream version 0.2i is now
available.
- requires manual addition of the kx service to /etc/services.
- /etc/init.d/heimdal-kdc needs testing.
Significant difference to existing kerberos package (apart from being
Kerberos 5): programs aren't renamed in anyway, and heimdal-clients,
for instance cannot be installed at the same time as telnet. While
some may disagree, I think this is a more user friendly
approach. Hopefully, I have set up the conflicts fields correctly, but
there may be packages I have missed. If any files conflict when
installing to install one of these packages, please do not try to
force it to install (unless you don't mind breaking something), but
complain to me instead. Is there any automatic way I can find out what
files will conflict?
Only difference to upstream source: I modified popper so that it would
check for $HOME/Maildir, $HOME/Mailbox, before
/var/spool/mail/user. Maildir support was already included. Upstream
thinks this should be configurable, in case the user really does have
another file/directory with one of those names.
Where/how should I distribute the result? master is out of the
question, as it is non-US software. I am not sure it is stable enough
yet for slink (maybe when I get the packages split up in the optimal
way). Comments anyone?
--
Brian May <bam@debian.org>
Reply to: