
[RFR] templates://krb5/{krb5-admin-server.templates,krb5-kdc.templates}



Please find, for review, the debconf templates of krb5.

This review will last from Saturday, May 26, 2007 to Tuesday, June 05, 2007.

Please send reviews as unified diffs (diff -u) against the original
files. Comments about your proposed changes will be appreciated.

Your review should be sent as an answer to this mail.

When appropriate, I will send intermediate requests for review, with
"[RFRn]" (n>=2) as a subject tag.

When we reach a consensus, I will send a "Last Chance For
Comments" mail with "[LCFC]" as a subject tag.

Finally, the reviewed templates will be sent to the package maintainer
as a bug report, and a mail will be sent to this list with "[BTS]" as
a subject tag.


-- 


Template: krb5-admin-server/newrealm
Type: note
_Description: Setting up a Kerberos Realm
 This package contains the administrative tools necessary to run on the
 Kerberos master server.
 .
 However, installing this package does not automatically set up a
 Kerberos realm. This can be done later by running the 'krb5_newrealm'
 command.
 .
 Please also read the /usr/share/doc/krb5-kdc/README.KDC file
 and the administration guide found in the krb5-doc package.

Template: krb5-admin-server/kadmind
Type: boolean
Default: true
_Description: Run the Kerberos5 administration daemon (kadmind)?
 Kadmind serves requests to add/modify/remove principals in the
 Kerberos database.
 .
 It is required by the kpasswd program, used to change passwords. 
 With standard setups, this daemon should run on the master KDC.

Template: krb5-kdc/debconf
Type: boolean
Default: true
_Description: Create the Kerberos KDC configuration automatically?
 The Kerberos Domain Controller (KDC) configuration files, in
 /etc/krb5kdc, may be created automatically.
 .
 By default, an example template will be copied into this directory
 with local parameters filled in.
 .
 Some sites who already have infrastructure to manage their own
 Kerberos configuration will wish to disable any automatic
 configuration changes.

Template: krb5-kdc/krb4-mode
Type: select
__Choices: disable, full, nopreauth, none
Default: none
_Description: Kerberos4 compatibility mode to use:
 By default, Kerberos4 requests are allowed from principals that do
 not require preauthentication ('nopreauth'). This allows Kerberos4
 services to exist while requiring most users to use Kerberos5 clients
 to get their initial tickets. These tickets can then be converted to
 Kerberos4 tickets.
 .
 Alternatively, the mode can be set to 'full', allowing Kerberos4 to
 get initial tickets even when preauthentication would normally be
 required, or to 'disable', which will disable all Kerberos4 support.

Template: krb5-kdc/run-krb524
Type: boolean
_Description: Run a Kerberos5 to Kerberos4 tickets conversion daemon?
 Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 tickets
 for the krb524init program.
 .
 It is recommended to use that daemon if Kerberos4 is enabled, more
 particularly when the Kerberos4 compatibility is set to 'nopreauth'

Template: krb5-kdc/purge_data_too
Type: boolean
Default: false
_Description: Should the data be purged as well as the package files?
 By default, purging this package will not delete the KDC database in
 /var/lib/krb5kdc/principal since this database cannot be recovered once
 it is deleted.
 .
 Choose this option if you wish to delete the KDC database when this package
 is purged, deleting all of the user accounts and passwords in the KDC.
--- ../krb5.old/debian/krb5-admin-server.templates	2007-05-20 10:50:24.309583226 +0200
+++ debian/krb5-admin-server.templates	2007-05-21 20:02:15.221072381 +0200
@@ -2,21 +2,21 @@
 Type: note
 _Description: Setting up a Kerberos Realm
  This package contains the administrative tools necessary to run on the
- Kerberos master server.  However, installing this package does not
- automatically set up a Kerberos realm.  Doing so requires entering
- passwords and as such is not well-suited for package installation.  To
- create the realm, run the krb5_newrealm command. You may also wish to read
- /usr/share/doc/krb5-kdc/README.KDC and the administration guide found in
- the krb5-doc package.
+ Kerberos master server.
  .
- Don't forget to set up DNS information so your clients can find your KDC
- and admin servers.  Doing so is documented in the administration guide.
+ However, installing this package does not automatically set up a
+ Kerberos realm. This can be done later by running the 'krb5_newrealm'
+ command.
+ .
+ Please also read the /usr/share/doc/krb5-kdc/README.KDC file
+ and the administration guide found in the krb5-doc package.
 
 Template: krb5-admin-server/kadmind
 Type: boolean
 Default: true
 _Description: Run the Kerberos5 administration daemon (kadmind)?
  Kadmind serves requests to add/modify/remove principals in the
- Kerberos database.  It also must be running for the kpasswd program
- to be used to change passwords.  Normally, this daemon runs on the
- master KDC.
+ Kerberos database.
+ .
+ It is required by the kpasswd program, used to change passwords. 
+ With standard setups, this daemon should run on the master KDC.
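Review bot: The rewritten krb5-admin-server/newrealm description drops the reminder to set up DNS information so that clients can find the KDC and admin servers, and also the explanation that creating a realm requires entering passwords and is therefore left out of package installation. Neither is a wording issue, so removing them changes what the administrator is told; I would keep a shortened form of both, for example a further paragraph pointing to the administration guide for the DNS setup. In the kadmind description, the added line "It is required by the kpasswd program, used to change passwords. " ends with trailing whitespace.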
--- ../krb5.old/debian/krb5-kdc.templates	2007-05-20 10:50:24.257582594 +0200
+++ debian/krb5-kdc.templates	2007-05-22 18:50:38.465570955 +0200
@@ -1,34 +1,40 @@
 Template: krb5-kdc/debconf
 Type: boolean
 Default: true
-_Description: Create Kerberos KDC Configuration with debconf?
- Many sites will wish to have this script automatically create Kerberos KDC
- configuration files in /etc/krb5kdc.  By default an example template will
- be copied into this directory with local parameters filled in.  Some sites
- who already have infrastructure to manage their own Kerberos configuration
- will wish to disable any automatic configuration changes.
+_Description: Create the Kerberos KDC configuration automatically?
+ The Kerberos Domain Controller (KDC) configuration files, in
+ /etc/krb5kdc, may be created automatically.
+ .
+ By default, an example template will be copied into this directory
+ with local parameters filled in.
+ .
+ Some sites who already have infrastructure to manage their own
+ Kerberos configuration will wish to disable any automatic
+ configuration changes.
 
 Template: krb5-kdc/krb4-mode
 Type: select
-_Choices: disable, full, nopreauth, none
+__Choices: disable, full, nopreauth, none
 Default: none
 _Description: Kerberos4 compatibility mode to use:
- By default, Kerberos4 requests are allowed from principals that do not
- require preauthentication.  This allows Kerberos4 services to exist while
- requiring most users to use Kerberos5 clients to get their initial
- tickets.  These tickets can then be converted to Kerberos4 tickets. 
- Alternatively, the mode can be set to full, allowing Kerberos4 to get
- initial tickets even when preauthentication would normally be required, or
- to disable, which will disable all Kerberos4 support.
+ By default, Kerberos4 requests are allowed from principals that do
+ not require preauthentication ('nopreauth'). This allows Kerberos4
+ services to exist while requiring most users to use Kerberos5 clients
+ to get their initial tickets. These tickets can then be converted to
+ Kerberos4 tickets.
+ .
+ Alternatively, the mode can be set to 'full', allowing Kerberos4 to
+ get initial tickets even when preauthentication would normally be
+ required, or to 'disable', which will disable all Kerberos4 support.
 
 Template: krb5-kdc/run-krb524
 Type: boolean
-_Description: Run a krb524d?
+_Description: Run a Kerberos5 to Kerberos4 tickets conversion daemon?
  Krb524d is a daemon that converts Kerberos5 tickets into Kerberos4 tickets
- for the krb524init program.  If you have Kerberos4 enabled at all, then
- you probably want to run this program.  Especially when Kerberos4
- compatibility is set to nopreauth, krb524d is important if you have any
- Kerberos4 services.
+ for the krb524init program.
+ .
+ It is recommended to use that daemon if Kerberos4 is enabled, more
+ particularly when the Kerberos4 compatibility is set to 'nopreauth'
 
 Template: krb5-kdc/purge_data_too
 Type: boolean
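Review bot: In krb5-kdc/debconf, the new long description expands KDC as "Kerberos Domain Controller", while debian/control in this same submission calls it the "Kerberos key server (KDC)"; the usual expansion is Key Distribution Center, so the template should use that or simply "KDC". In krb5-kdc/krb4-mode the added text presents 'nopreauth' as the default although the unchanged line reads "Default: none", and the 'none' choice is never explained next to 'disable'; since this setting decides whether Kerberos4 can get initial tickets when preauthentication would normally be required, the description should say what each of the four choices does. In krb5-kdc/run-krb524 the last added line is missing its final period, and the rewrite drops the original condition "if you have any Kerberos4 services".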
@@ -36,6 +42,7 @@
 _Description: Should the data be purged as well as the package files?
  By default, purging this package will not delete the KDC database in
  /var/lib/krb5kdc/principal since this database cannot be recovered once
- it is deleted.  If you wish to delete your KDC database when this package
- is purged, knowing that purging this package will then mean deleting all
- of the user accounts and passwords in the KDC, enable this option.
+ it is deleted.
+ .
+ Choose this option if you wish to delete the KDC database when this package
+ is purged, deleting all of the user accounts and passwords in the KDC.
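Review bot: In krb5-kdc/purge_data_too, the new paragraph break separates the statement that the database cannot be recovered from the sentence that asks the administrator to opt in. Because enabling the option deletes all of the user accounts and passwords in the KDC, I would restate the irreversibility in the second paragraph, next to "Choose this option", so that it is read together with the choice.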
--- ../krb5.old/debian/control	2007-05-20 10:50:24.293583031 +0200
+++ debian/control	2007-05-22 18:52:34.914445128 +0200
@@ -14,9 +14,9 @@
 Architecture: any
 Description: MIT Kerberos administration runtime libraries
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
- the network (users and services, usually called "principals").
+ the network (users and services, usually called 'principals').
  .
  This is the MIT reference implementation of Kerberos5.
  .
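Review bot: The unchanged context line "third party (the kerberos server) that is trusted by all the entities on" keeps "kerberos" in lower case while every other occurrence in the paragraph is capitalized. Since the neighbouring lines are being touched anyway, capitalize it here and in the identical paragraph of the other package descriptions.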
@@ -31,9 +31,9 @@
 Conflicts: openafs-krb5 (<< 1.3-10), ssh-krb5 (<< 3.8.1p1-10), libauthen-krb5-perl (<< 1.4-5), libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2), libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2)
 Description: MIT Kerberos runtime libraries
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
- the network (users and services, usually called "principals").
+ the network (users and services, usually called 'principals').
  .
  This is the MIT reference implementation of Kerberos5.
  .
@@ -47,9 +47,9 @@
 Conflicts: heimdal-clients, kerberos4kth-user, suidmanager (<< 0.50), kerberos4kth-services
 Description: Basic programs to authenticate using MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
- the network (users and services, usually called "principals").
+ the network (users and services, usually called 'principals').
  .
  This is the MIT reference implementation of Kerberos5.
  .
@@ -66,9 +66,9 @@
 Provides: telnet-client
 Description: Secure replacements for ftp, telnet and rsh using MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
- the network (users and services, usually called "principals").
+ the network (users and services, usually called 'principals').
  .
  This is the MIT reference implementation of Kerberos5.
  .
@@ -82,9 +82,9 @@
 Provides: rsh-server
 Description: Secure replacements for rshd and rlogind using MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
- the network (users and services, usually called "principals").
+ the network (users and services, usually called 'principals').
  .
  This is the MIT reference implementation of Kerberos5.
  .
@@ -99,7 +99,7 @@
 Provides: ftp-server
 Description: Secure FTP server supporting MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
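Review bot: From this hunk (krb5-ftpd) onward, the context line still reads usually called "principals" with double quotes, while the five preceding debian/control hunks change it to 'principals'. This boilerplate paragraph should read identically in every package description, so either apply the quote change to the remaining descriptions as well or drop it from the first five.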
@@ -116,7 +116,7 @@
 Priority: extra
 Description: Secure telnet server supporting MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
@@ -133,15 +133,15 @@
 Conflicts: kerberos4kth-kdc
 Description: MIT Kerberos key server (KDC)
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
  This is the MIT reference implementation of Kerberos5.
  .
- This package contains the Kerberos key server (KDC).  The KDC manages all
+ This package contains the Kerberos key server (KDC). The KDC manages all
  authentication credentials for a Kerberos realm, holds the master keys
- for the realm, and responds to authentication requests.  This package
+ for the realm, and responds to authentication requests. This package
  should be installed on both master and slave KDCs.
 
 Package: krb5-admin-server
@@ -150,7 +150,7 @@
 Depends: ${shlibs:Depends}, ${misc:Depends}, libkrb53 (= ${Source-Version}), krb5-kdc, lsb-base (>= 3.0-6)
 Description: MIT Kerberos master server (kadmind)
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
@@ -158,9 +158,9 @@
  .
  This package contains the Kerberos master server (kadmind), which handles
  account creations and deletions, password changes, and other
- administrative commands via the Kerberos admin protocol.  It also
+ administrative commands via the Kerberos admin protocol. It also
  contains the command used by the master KDC to propagate its database to
- slave KDCs.  This package is generally only used on the master KDC for a
+ slave KDCs. This package is generally only used on the master KDC for a
  Kerberos realm.
 
 Package: libkrb5-dev
@@ -172,7 +172,7 @@
 Suggests: krb5-doc
 Description: Headers and development libraries for MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
@@ -188,14 +188,14 @@
 Section: libdevel
 Description: Debugging files for MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
  This is the MIT reference implementation of Kerberos5.
  .
  This package contains the debugging information for the MIT Kerberos
- libraries.  Install this package if you need to trace problems inside the
+ libraries. Install this package if you need to trace problems inside the
  MIT Kerberos libraries with a debugger.
 
 Package: krb5-doc
@@ -206,7 +206,7 @@
 Section: doc
 Description: Documentation for MIT Kerberos
  Kerberos is a system for authenticating users and services on a network.
- Kerberos is a trusted third-party service.  That means that there is a
+ Kerberos is a trusted third-party service. That means that there is a
  third party (the kerberos server) that is trusted by all the entities on
  the network (users and services, usually called "principals").
  .
Source: krb5
Section: net
Priority: standard
Build-Depends: binutils (>= 2.14.90.0.7), libncurses5-dev, docbook-to-man, debhelper (>= 5), byacc | bison, comerr-dev (>= 2.0-1.33-2), ss-dev, texinfo (> 4.1), libkeyutils-dev
Standards-Version: 3.7.2
Maintainer: Sam Hartman <hartmans@debian.org>
Uploaders: Russ Allbery <rra@debian.org>

Package: libkadm55
Section: libs
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version})
Replaces: libkrb53 (<= 1.3)
Architecture: any
Description: MIT Kerberos administration runtime libraries
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the administration runtime libraries, used by the
 kadmin protocol and the KDC.

Package: libkrb53
Section: libs
Architecture: any
Depends: ${shlibs:Depends}
Suggests: krb5-doc, krb5-user
Conflicts: openafs-krb5 (<< 1.3-10), ssh-krb5 (<< 3.8.1p1-10), libauthen-krb5-perl (<< 1.4-5), libapache-mod-auth-kerb (<= 4.996-5.0-rc6-2), libapache2-mod-auth-kerb (<= 4.996-5.0-rc6-2)
Description: MIT Kerberos runtime libraries
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the runtime libraries used by applications and
 Kerberos clients.

Package: krb5-user
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), libkadm55 (= ${Source-Version}), krb5-config
Conflicts: heimdal-clients, kerberos4kth-user, suidmanager (<< 0.50), kerberos4kth-services
Description: Basic programs to authenticate using MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the basic programs to authenticate to MIT Kerberos,
 change passwords, and talk to the admin server (to create and delete
 principals, list principals, etc.).

Package: krb5-clients
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), krb5-config
Suggests: rsh-client
Conflicts: kerberos4kth-clients, kerberos4kth-services, heimdal-clients
Provides: telnet-client
Description: Secure replacements for ftp, telnet and rsh using MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains secure replacements for ftp, telnet, rsh, rlogin,
 and rcp that use Kerberos for authentication.

Package: krb5-rsh-server
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-config
Provides: rsh-server
Description: Secure replacements for rshd and rlogind using MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called 'principals').
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains replacements for rshd and rlogind that use Kerberos
 for authentication.

Package: krb5-ftpd
Architecture: any
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-config
Conflicts: ftpd
Priority: extra
Provides: ftp-server
Description: Secure FTP server supporting MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains an FTP server that uses Kerberos for
 authentication.

Package: krb5-telnetd
Architecture: any
Depends: ${shlibs:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-config, krb5-rsh-server
Conflicts: telnetd, telnet-server
Provides: telnet-server
Priority: extra
Description: Secure telnet server supporting MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains a replacement for telnetd that uses Kerberos for
 authentication.

Package: krb5-kdc
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, ${misc:Depends}, libkrb53 (= ${Source-Version}), update-inetd, krb5-user, lsb-base (>= 3.0-6)
Suggests: krb5-admin-server
Conflicts: kerberos4kth-kdc
Description: MIT Kerberos key server (KDC)
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the Kerberos key server (KDC). The KDC manages all
 authentication credentials for a Kerberos realm, holds the master keys
 for the realm, and responds to authentication requests. This package
 should be installed on both master and slave KDCs.

Package: krb5-admin-server
Architecture: any
Priority: optional
Depends: ${shlibs:Depends}, ${misc:Depends}, libkrb53 (= ${Source-Version}), krb5-kdc, lsb-base (>= 3.0-6)
Description: MIT Kerberos master server (kadmind)
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the Kerberos master server (kadmind), which handles
 account creations and deletions, password changes, and other
 administrative commands via the Kerberos admin protocol. It also
 contains the command used by the master KDC to propagate its database to
 slave KDCs. This package is generally only used on the master KDC for a
 Kerberos realm.

Package: libkrb5-dev
Section: libdevel
Architecture: any
Depends: libkrb53 (= ${Source-Version}), libkadm55 (= ${Source-Version}), comerr-dev
Conflicts: heimdal-dev
Priority: extra
Suggests: krb5-doc
Description: Headers and development libraries for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the symlinks, headers, and development libraries
 needed to compile and link programs that use the Kerberos libraries.

Package: libkrb5-dbg
Architecture: any
Depends: libkrb53 (= ${Source-Version}), libkadm55 (= ${Source-Version})
Priority: extra
Section: libdevel
Description: Debugging files for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the debugging information for the MIT Kerberos
 libraries. Install this package if you need to trace problems inside the
 MIT Kerberos libraries with a debugger.

Package: krb5-doc
Architecture: all
Priority: optional
Conflicts: heimdal-docs, kerberos4kth-clients
Replaces: krb5-user (<< 1.2.2-8)
Section: doc
Description: Documentation for MIT Kerberos
 Kerberos is a system for authenticating users and services on a network.
 Kerberos is a trusted third-party service. That means that there is a
 third party (the kerberos server) that is trusted by all the entities on
 the network (users and services, usually called "principals").
 .
 This is the MIT reference implementation of Kerberos5.
 .
 This package contains the installation, administrator, and user reference
 manuals for MIT Kerberos and the man pages for the MIT Kerberos
 configuration files.
