Bug#656352: pu: package libpam-krb5/4.3-1squeeze1
Cyril Brulebois <kibi@debian.org> writes:
> Russ Allbery <rra@debian.org> (18/01/2012):
>> Petter Reinholdtsen from DebianEdu requested this change make it into
>> stable as well, since it's causing problems for them (they set up accounts
>> in Kerberos and LDAP only by default).
> If they're directly affected by this, maybe it can be worked around on
> their side?
They are currently diverting and replacing the configuration file.
>> What do the stable release managers think? Is this something that
>> would be reasonable to do in stable? I think it does improve the
>> package for the majority use case, but it's a larger change in
>> configuration than I would normally propose for a stable update.
> If the majority use case improvement is worth it, maybe try and get on a
> middleground route: warn/ask through some debconf prompt about the
> behaviour change if it's an update, and go the preferred route (from
> your POV) if that's an installation? (Or prompt in all cases, maybe?)
The problem there is that the relevant file is in /usr/share/pam-configs
and is therefore not a configuration file. I suppose I could try to do
something complex to have it be a symlink to something in /etc, but the
intent of the pam-config-update mechanism was to not do things like that.
But it does make it really hard to only optionally change the default
configuration.
I'd say that the current package behavior is probably right for 10% of the
users and wrong for 90% of the users (although most people probably don't
change their Kerberos password a lot via PAM and hence haven't noticed).
The new default would be right for 90% and wrong for 10%.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: