Re: demoting a dependency
Mike Hommey <firstname.lastname@example.org> writes:
> On Tue, Mar 31, 2009 at 03:21:02PM +0200, Marco d'Itri <md@Linux.IT> wrote:
>> Is there a more elegant way to do this?
> You just don't do it like that, because:
> $ ldd /usr/lib/news/bin/auth/passwd/auth_krb5 | grep com_err
> libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7f2f000)
> If you don't want to depend on libcomerr2, don't depend on it. It's not
> because libkrb5-3 already depends on it that it's a proper thing to
> remove the dependency that way. What happens when libkrb5-3 depends on
> libcomerr3 ?
The fundamental problem is that auth_krb5 is horrible (I say this as the
upstream maintainer of the package). It really needs to be rewritten
completely against a Kerberos API that isn't 10 years old. There's no
reason why it should have to be calling com_err directly with the Kerberos
libraries in even lenny. I just haven't had the chance to do that.
Also, for most usage situations, one really wants to just use INN's PAM
support rather than a Kerberos-only password authenticator and configure
nnrpd to use pam_krb5.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>