Re: RFS: libauthen-simple-kerberos-perl, closes: #434772

[Russ Allbery <rra@debian.org>]

Damyan Ivanov <dam@modsoftsys.com> writes:

> I'd say that the explanations both in changelog and README.Debian are a
> little bit "around the problem".

> What is the cause for the slow connection? How does krd5-config
> (/etc/krb5.conf) help? What are the "right settings"?

> If it is not clear to you (it is not to me), you can always ask the bug
> submitter, who seems to have a lot of experience in the area.

In general, if you're using Kerberos software, you want to have
krb5-config installed.  It used to be that Kerberos wouldn't work at all
in the absence of a krb5.conf file.  Now, it can, but it means that you're
relying on DNS records for all of your Kerberos configuration and things
like the local realm of the machine are determined by algorithms that
often don't apply or produce the wrong results.  Plus, relying on DNS or
on the machine's hostname to determine the local realm is not recommended
for a variety of reasons, including security, so installing krb5-config
(which prompts for your local realm and KDC information) is usually the
right thing to do.

I think Recommends might be better than Suggests, even.  The only reason
why I'm hesitant to say that, or to suggest Depends, is for cases where
this module is pulled in by other dependencies on a system that doesn't
actually use Kerberos and for which the krb5-config debconf questions
would be meaningless.

libauthen-krb5-perl has the same issue.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>