Please find, for review, the debconf templates of krb5.

This review will last from Saturday, May 26, 2007 to Tuesday, June 05, 2007.

Please send reviews as unified diffs (diff -u) against the original files. Comments about your proposed changes will be appreciated.

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with "[RFRn]" (n>=2) as a subject tag.

When we reach a consensus, I will send a "Last Chance For Comments" mail with "[LCFC]" as a subject tag.

Finally, the reviewed templates will be sent to the package maintainer as a bug report, and a mail will be sent to this list with "[BTS]" as a subject tag.

--
Template: krb5-admin-server/newrealm
Type: note
_Description: Setting up a Kerberos Realm
 This package contains the administrative tools necessary to run on the
 Kerberos master server.
 .
 However, installing this package does not automatically set up a
 Kerberos realm. This can be done later by running the 'krb5_newrealm'
 command.
 .
 Please also read the /usr/share/doc/krb5-kdc/README.KDC file
 and the administration guide found in the krb5-doc package.

Template: krb5-admin-server/kadmind
Type: boolean
Default: true
_Description: Run the Kerberos5 administration daemon (kadmind)?
 Kadmind serves requests to add/modify/remove principals in the
 Kerberos database.
 .
 It is required by the kpasswd program, used to change passwords.
 With standard setups, this daemon should run on the master KDC.
Template: krb5-kdc/debconf
Type: boolean
Default: true
_Description: Create the Kerberos KDC configuration automatically?
 The Kerberos Domain Controller (KDC) configuration files, in
 /etc/krb5kdc, may be created automatically.
 .
 By default, an example template will be copied into this directory
 with local parameters filled in.
 .
 Some sites who already have infrastructure to manage their own
 Kerberos configuration will wish to disable any automatic
 configuration changes.

Template: krb5-kdc/krb4-mode
Type: select
__Choices: disable, full, nopreauth, none
Default: none
_Description: Kerberos4 compatibility mode to use:
 By default, Kerberos4 requests are allowed from principals that do
 not require preauthentication ('nopreauth'). This allows Kerberos4
 services to exist while requiring most users to use Kerberos5 clients
 to get their initial tickets. These tickets can then be converted to
 Kerberos4 tickets.
 .
 Alternatively, the mode can be set to 'full', allowing Kerberos4 to
 get initial tickets even when preauthentication would normally be
 required, or to 'disable', which will disable all Kerberos4 support.

Template: krb5-kdc/run-krb524
Type: boolean
_Description: Run a Kerberos5 to Kerberos4 tickets conversion daemon?
 Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 tickets
 for the krb524init program.
 .
 It is recommended to use that daemon if Kerberos4 is enabled, more
 particularly when the Kerberos4 compatibility is set to 'nopreauth'

Template: krb5-kdc/purge_data_too
Type: boolean
Default: false
_Description: Should the data be purged as well as the package files?
 By default, purging this package will not delete the KDC database in
 /var/lib/krb5kdc/principal since this database cannot be recovered once
 it is deleted.
 .
 Choose this option if you wish to delete the KDC database when this package
 is purged, deleting all of the user accounts and passwords in the KDC.
--- ../krb5.old/debian/krb5-admin-server.templates 2007-05-20 10:50:24.309583226 +0200 +++ debian/krb5-admin-server.templates 2007-05-21 20:02:15.221072381 +0200 @@ -2,21 +2,21 @@ Type: note _Description: Setting up a Kerberos Realm This package contains the administrative tools necessary to run on the - Kerberos master server. However, installing this package does not - automatically set up a Kerberos realm. Doing so requires entering - passwords and as such is not well-suited for package installation. To - create the realm, run the krb5_newrealm command. You may also wish to read - /usr/share/doc/krb5-kdc/README.KDC and the administration guide found in - the krb5-doc package. + Kerberos master server. . - Don't forget to set up DNS information so your clients can find your KDC - and admin servers. Doing so is documented in the administration guide. + However, installing this package does not automatically set up a + Kerberos realm. This can be done later by running the 'krb5_newrealm' + command. + . + Please also read the /usr/share/doc/krb5-kdc/README.KDC file + and the administration guide found in the krb5-doc package. Template: krb5-admin-server/kadmind Type: boolean Default: true _Description: Run the Kerberos5 administration daemon (kadmind)? Kadmind serves requests to add/modify/remove principals in the - Kerberos database. It also must be running for the kpasswd program - to be used to change passwords. Normally, this daemon runs on the - master KDC. + Kerberos database. + . + It is required by the kpasswd program, used to change passwords. + With standard setups, this daemon should run on the master KDC. --- ../krb5.old/debian/krb5-kdc.templates 2007-05-20 10:50:24.257582594 +0200 +++ debian/krb5-kdc.templates 2007-05-22 18:50:38.465570955 +0200 
@@ -1,34 +1,40 @@ Template: krb5-kdc/debconf Type: boolean Default: true -_Description: Create Kerberos KDC Configuration with debconf? - Many sites will wish to have this script automatically create Kerberos KDC - configuration files in /etc/krb5kdc. By default an example template will - be copied into this directory with local parameters filled in. Some sites - who already have infrastructure to manage their own Kerberos configuration - will wish to disable any automatic configuration changes. +_Description: Create the Kerberos KDC configuration automatically? + The Kerberos Domain Controller (KDC) configuration files, in + /etc/krb5kdc, may be created automatically. + . + By default, an example template will be copied into this directory + with local parameters filled in. + . + Some sites who already have infrastructure to manage their own + Kerberos configuration will wish to disable any automatic + configuration changes. Template: krb5-kdc/krb4-mode Type: select -_Choices: disable, full, nopreauth, none +__Choices: disable, full, nopreauth, none Default: none _Description: Kerberos4 compatibility mode to use: - By default, Kerberos4 requests are allowed from principals that do not - require preauthentication. This allows Kerberos4 services to exist while - requiring most users to use Kerberos5 clients to get their initial - tickets. These tickets can then be converted to Kerberos4 tickets. - Alternatively, the mode can be set to full, allowing Kerberos4 to get - initial tickets even when preauthentication would normally be required, or - to disable, which will disable all Kerberos4 support. + By default, Kerberos4 requests are allowed from principals that do + not require preauthentication ('nopreauth'). This allows Kerberos4 + services to exist while requiring most users to use Kerberos5 clients + to get their initial tickets. These tickets can then be converted to + Kerberos4 tickets. + . 
+ Alternatively, the mode can be set to 'full', allowing Kerberos4 to + get initial tickets even when preauthentication would normally be + required, or to 'disable', which will disable all Kerberos4 support. Template: krb5-kdc/run-krb524 Type: boolean -_Description: Run a krb524d? +_Description: Run a Kerberos5 to Kerberos4 tickets conversion daemon? Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 tickets - for the krb524init program. If you have Kerberos4 enabled at all, then - you probably want to run this program. Especially when Kerberos4 - compatibility is set to nopreauth, krb524d is important if you have any - Kerberos4 services. + for the krb524init program. + . + It is recommended to use that daemon if Kerberos4 is enabled, more + particularly when the Kerberos4 compatibility is set to 'nopreauth' Template: krb5-kdc/purge_data_too Type: boolean @@ -36,6 +42,7 @@ _Description: Should the data be purged as well as the package files? By default, purging this package will not delete the KDC database in /var/lib/krb5kdc/principal since this database cannot be recovered once - it is deleted. If you wish to delete your KDC database when this package - is purged, knowing that purging this package will then mean deleting all - of the user accounts and passwords in the KDC, enable this option. + it is deleted. + . + Choose this option if you wish to delete the KDC database when this package + is purged, deleting all of the user accounts and passwords in the KDC. --- ../krb5.old/debian/control 2007-05-20 10:50:24.293583031 +0200 +++ debian/control 2007-05-22 18:52:34.914445128 +0200 
@@ -14,9 +14,9 @@ Architecture: any Description: MIT Kerberos administration runtime libraries Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on - the network (users and services, usually called "principals"). + the network (users and services, usually called 'principals'). . This is the MIT reference implementation of Kerberos5. . @@ -31,9 +31,9 @@ Conflicts: openafs-krb5 (<< 1.3-10), ssh-krb5 (<< 3.8.1p1-10), libauthen-krb5-perl (<< 1.4-5), libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2), libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2) Description: MIT Kerberos runtime libraries Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on - the network (users and services, usually called "principals"). + the network (users and services, usually called 'principals'). . This is the MIT reference implementation of Kerberos5. . @@ -47,9 +47,9 @@ Conflicts: heimdal-clients, kerberos4kth-user, suidmanager (<< 0.50), kerberos4kth-services Description: Basic programs to authenticate using MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on - the network (users and services, usually called "principals"). + the network (users and services, usually called 'principals'). . This is the MIT reference implementation of Kerberos5. . 
@@ -66,9 +66,9 @@ Provides: telnet-client Description: Secure replacements for ftp, telnet and rsh using MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on - the network (users and services, usually called "principals"). + the network (users and services, usually called 'principals'). . This is the MIT reference implementation of Kerberos5. . @@ -82,9 +82,9 @@ Provides: rsh-server Description: Secure replacements for rshd and rlogind using MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on - the network (users and services, usually called "principals"). + the network (users and services, usually called 'principals'). . This is the MIT reference implementation of Kerberos5. . @@ -99,7 +99,7 @@ Provides: ftp-server Description: Secure FTP server supporting MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . 
@@ -116,7 +116,7 @@ Priority: extra Description: Secure telnet server supporting MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . @@ -133,15 +133,15 @@ Conflicts: kerberos4kth-kdc Description: MIT Kerberos key server (KDC) Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . This is the MIT reference implementation of Kerberos5. . - This package contains the Kerberos key server (KDC). The KDC manages all + This package contains the Kerberos key server (KDC). The KDC manages all authentication credentials for a Kerberos realm, holds the master keys - for the realm, and responds to authentication requests. This package + for the realm, and responds to authentication requests. This package should be installed on both master and slave KDCs. Package: krb5-admin-server @@ -150,7 +150,7 @@ Depends: ${shlibs:Depends}, ${misc:Depends}, libkrb53 (= ${Source-Version}), krb5-kdc, lsb-base (>= 3.0-6) Description: MIT Kerberos master server (kadmind) Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . 
@@ -158,9 +158,9 @@ . This package contains the Kerberos master server (kadmind), which handles account creations and deletions, password changes, and other - administrative commands via the Kerberos admin protocol. It also + administrative commands via the Kerberos admin protocol. It also contains the command used by the master KDC to propagate its database to - slave KDCs. This package is generally only used on the master KDC for a + slave KDCs. This package is generally only used on the master KDC for a Kerberos realm. Package: libkrb5-dev @@ -172,7 +172,7 @@ Suggests: krb5-doc Description: Headers and development libraries for MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . @@ -188,14 +188,14 @@ Section: libdevel Description: Debugging files for MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). . This is the MIT reference implementation of Kerberos5. . This package contains the debugging information for the MIT Kerberos - libraries. Install this package if you need to trace problems inside the + libraries. Install this package if you need to trace problems inside the MIT Kerberos libraries with a debugger. Package: krb5-doc 
@@ -206,7 +206,7 @@ Section: doc Description: Documentation for MIT Kerberos Kerberos is a system for authenticating users and services on a network. - Kerberos is a trusted third-party service. That means that there is a + Kerberos is a trusted third-party service. That means that there is a third party (the kerberos server) that is trusted by all the entities on the network (users and services, usually called "principals"). .
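Review bot: In the krb5-admin-server/newrealm hunk of debian/krb5-admin-server.templates, the removed paragraph "Don't forget to set up DNS information so your clients can find your KDC and admin servers" has no replacement, and neither does the explanation that creating the realm "requires entering passwords and as such is not well-suited for package installation". The first reminds the administrator of a step that is still theirs to do and the second explains why the package does not create the realm itself; I would keep both, reworded if needed, as a paragraph of their own before the pointer to README.KDC.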
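Review bot: In the krb5-kdc/debconf template of debian/krb5-kdc.templates, the added line "The Kerberos Domain Controller (KDC) configuration files" expands KDC incorrectly: KDC stands for Key Distribution Center, and debian/control in this same patch calls it the "Kerberos key server (KDC)". Suggest "The Kerberos Key Distribution Center (KDC) configuration files". In krb5-kdc/krb4-mode the description says the default behaviour is 'nopreauth' while the template carries "Default: none", and the 'none' choice is never described; since 'full' lets Kerberos4 obtain initial tickets even where preauthentication would normally be required, the text should describe all four choices and name the default that is actually shipped. The last sentence of krb5-kdc/run-krb524 (ending "is set to 'nopreauth'") is missing its final period, and "tickets conversion daemon" in its synopsis would read better as "ticket conversion daemon".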
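Review bot: In the krb5-kdc/purge_data_too hunk, the synopsis left as context, "Should the data be purged as well as the package files?", never says which data is meant, while the rewritten long description is explicit that it is the KDC database in /var/lib/krb5kdc/principal with all user accounts and passwords. Since the synopsis is what the administrator reads first and the deletion cannot be undone, it should name the database too, for example "Delete the KDC database when the package is purged?".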
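Review bot: In debian/control the change from "principals" to 'principals' is applied only in the first five hunks (up to "Secure replacements for rshd and rlogind using MIT Kerberos"); from the "Secure FTP server supporting MIT Kerberos" hunk onwards the context line still reads usually called "principals", so the paragraph shared by all twelve package descriptions now differs between packages. Change the quoting in every stanza or in none. The removed and added "Kerberos is a trusted third-party service." lines look identical as shown here, so if the change is whitespace only it is worth saying so in the mail. The lower-case "the kerberos server" in the same paragraph is left as it was and could be capitalised while the paragraph is being touched.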
Source: krb5
Section: net
Priority: standard
Build-Depends: binutils (>= 2.14.90.0.7), libncurses5-dev, docbook-to-man, debhelper (>= 5), byacc | bison, comerr-dev (>= 2.0-1.33-2), ss-dev, texinfo (> 4.1), libkeyutils-dev
Standards-Version: 3.7.2
Maintainer: Sam Hartman <hartmans@debian.org>
Uploaders: Russ Allbery <rra@debian.org>

Package: libkadm55
Section: libs
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version})
Replaces: libkrb53 (<= 1.3)
Architecture: any
Description: MIT Kerberos administration runtime libraries
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the administration runtime libraries, used by the
 kadmin protocol and the KDC.

Package: libkrb53
Section: libs
Architecture: any
Depends: ${shlibs:Depends}
Suggests: krb5-doc, krb5-user
Conflicts: openafs-krb5 (<< 1.3-10), ssh-krb5 (<< 3.8.1p1-10), libauthen-krb5-perl (<< 1.4-5), libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2), libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2)
Description: MIT Kerberos runtime libraries
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the runtime libraries used by applications and
 Kerberos clients.

Package: krb5-user
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), libkadm55 (= ${Source-Version}), krb5-config
Conflicts: heimdal-clients, kerberos4kth-user, suidmanager (<< 0.50), kerberos4kth-services
Description: Basic programs to authenticate using MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

Package: krb5-clients
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), krb5-config
Suggests: rsh-client
Conflicts: kerberos4kth-clients, kerberos4kth-services, heimdal-clients
Provides: telnet-client
Description: Secure replacements for ftp, telnet and rsh using MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains secure replacements for ftp, telnet, rsh, rlogin,
 and rcp that use Kerberos for authentication.

Package: krb5-rsh-server
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-config
Provides: rsh-server
Description: Secure replacements for rshd and rlogind using MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains replacements for rshd and rlogind that use Kerberos
 for authentication.

Package: krb5-ftpd
Architecture: any
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-config
Conflicts: ftpd
Priority: extra
Provides: ftp-server
Description: Secure FTP server supporting MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains an FTP server that uses Kerberos for authentication.

Package: krb5-telnetd
Architecture: any
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-config, krb5-rsh-server
Conflicts: telnetd, telnet-server
Provides: telnet-server
Priority: extra
Description: Secure telnet server supporting MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains a replacement for telnetd that uses Kerberos for
 authentication.

Package: krb5-kdc
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, ${misc:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-user, lsb-base (>= 3.0-6)
Suggests: krb5-admin-server
Conflicts: kerberos4kth-kdc
Description: MIT Kerberos key server (KDC)
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

Package: krb5-admin-server
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, ${misc:Depends}, libkrb53 (= ${Source-Version}), krb5-kdc, lsb-base (>= 3.0-6)
Description: MIT Kerberos master server (kadmind)
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

Package: libkrb5-dev
Section: libdevel
Architecture: any
Depends: libkrb53 (= ${Source-Version}), libkadm55 (= ${Source-Version}), comerr-dev
Conflicts: heimdal-dev
Priority: extra
Suggests: krb5-doc
Description: Headers and development libraries for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.

Package: libkrb5-dbg
Architecture: any
Depends: libkrb53 (= ${Source-Version}), libkadm55 (= ${Source-Version})
Priority: extra
Section: libdevel
Description: Debugging files for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the debugging information for the MIT Kerberos
 libraries. Install this package if you need to trace problems inside the
 MIT Kerberos libraries with a debugger.

Package: krb5-doc
Architecture: all
Priority: optional
Conflicts: heimdal-docs, kerberos4kth-clients
Replaces: krb5-user (<< 1.2.2-8)
Section: doc
Description: Documentation for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the installation, administrator, and user reference
 manuals for MIT Kerberos and the man pages for the MIT Kerberos
 configuration files.