On 22:25 Mon 30 Jul , Russ Allbery wrote: > Damyan Ivanov <dam@modsoftsys.com> writes: > > > I'd say that the explanations both in changelog and README.Debian are a > > little bit "around the problem". After re-reading it, I think so to.. ;) I should not commit things so late in the night when Im tired > > What is the cause for the slow connection? How does krd5-config > > (/etc/krb5.conf) help? What are the "right settings"? I have ask the bug submitter and what he mean for the right settings is: setting the right default_realm and its corresponding kdc server. This config file is very small and should be understandable. Moreover a template can be found in /usr/share/kerberos-configs/krb5.conf.template I have updated the README.Debian with the informations about setting in the /etc/krb5.conf the right default_realm and its corresponding kdc server > > If it is not clear to you (it is not to me), you can always ask the bug > > submitter, who seems to have a lot of experience in the area. > > In general, if you're using Kerberos software, you want to have > krb5-config installed. It used to be that Kerberos wouldn't work at all > in the absence of a krb5.conf file. Now, it can, but it means that you're > relying on DNS records for all of your Kerberos configuration and things > like the local realm of the machine are determined by algorithms that > often don't apply or produce the wrong results. Plus, relying on DNS or > on the machine's hostname to determine the local realm is not recommended > for a variety of reasons, including security, so installing krb5-config > (which prompts for your local realm and KDC information) is usually the > right thing to do. > > I think Recommends might be better than Suggests, even. The only reason > why I'm hesitant to say that, or to suggest Depends, is for cases where > this module is pulled in by other dependencies on a system that doesn't > actually use Kerberos and for which the krb5-config debconf questions > would be meaningless. Ok, I change it to Recommends. I have re-read the debian policy and it seems that Recommends is more relevant here. Can someone have a look again ? Thanks !! -- ,''`. Xavier Oswald <x.oswald@free.fr> : :' : GNU/LINUX Debian & Debian-Edu `. `' GnuPG Key ID 0x88BBB51E `- 938D D715 6915 8860 9679 4A0C A430 C6AA 88BB B51E
Attachment:
signature.asc
Description: Digital signature