[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Major changes to Heimdal in Heimdal 0.3e-5

Brian May <bam@debian.org> writes:

> >>>>> "Mikael" == Mikael Andersson <mikan@mikan.net> writes:

Hi

Sorry for my late answer, my mailserver was down yesterday, and I have a busy day. I also lost two previous replies. 

>     Mikael> yet. Then we can compile the heimdal packege with krb4
>     Mikael> support and don't need to fix another heimdalkrb4
>     Mikael> package(s). For the people using heimdal and don't want
>     Mikael> the krb4 support, is easy to disable (kdc --no-kerberos4,
>     Mikael> and don't create any srvtab for the services). As an
>     Mikael> effect of this we will also get an libsasl-modules-nonus
>     Mikael> containing support for Kerberos.
>     >> You overlook the requirement that if Kerberos V4 support is
>     >> built into Heimdal, then Heimdal will depend of kerberos4kth.
> 
>     Mikael> Just some parts of the kerberos4kth
>     Mikael> packages. /usr/lib/libkadm.so.1.0.7
>     Mikael> /usr/lib/libkdb.so.1.0.7 /usr/lib/libkrb.so.1.0.7
> 
>     Mikael> (and 1 or 2 symlinks for each)
> 
> libkadm is not a problem (it is called libkadm5clnt and libkadm4srv
> is heimdal).
> 
> libkdb doesn't exist in Heimdal.
> 
> libkrb has been renamed to libkrb5.
> 
> I thought libcom_err and libss were once a problem, but apparently
> this is no longer the case?

The solution I have done wasn't so clean as you can do it. 
It contains of a packate called ekthkrb (e as eget (swedish for own)) wish
contains this lib files and some include files. This was enought to get the
heimdal to compile with krb4 support. I doesn't include any krb4 binaries
because all of them (except some kip stuff) is already included in
heimdal. 

I think we need to split the krb4-{lib,dev} packets into at least two parts, one wish not conflict with heimdal and contain the files to get heimdal compile with krb4 support and another wish contains the other files. At the same time I think that we should compile krb4 with ssl instead of des, but that patch isn't in the upstream yet.

> I wish I could down load a list of files each package contains,
> without down-loading everything.

Same here. Maybe an extension to package.debian.org? 

> The only problem seems to be libsl:
> 
> heimdal contains /usr/lib/libsl.so.0.0.1 and kerberos4kth contains
> /usr/lib/libsl.0.9.9
> 
> Both packages contain /usr/lib/libsl.0

Se my split suggestions. 
 
> 
>     >> I think rather then enabling Kerberos V4 by default, it should
>     >> be made as easy as possible for users to compile their own
>     >> version of Heimdal with krb4 support.
> 
>     Mikael> If it was only heimdal it's ok (I have already done that a
>     Mikael> lot), but you also need to recompile sasl and other
>     Mikael> packages.
> 
> Are you sure? It could be just a problem with broken library
> dependencies too. eg. AFAIK sasl only needs to link into -lkrb5, and
> any other library including -lkrb should get pulled in automatically.

The -lkrb5 flags only give you krb5 support into stuff like sasl-modules, and I want them with krb4 support also. 

> Or, does compiling in krb4 support change the binary API of Heimdal?

Not what I known, but i doesn't extend it to support krb4. 

What kind of patches is it you have mailed to upstream (assar and joda) and doesn't get into the cvstree? I speak with assar quite often and can maybe try to convince him that the patches are needed. 

Sincerly 
Mikael
Reply to: