I propose that Debian select a Kerberos implementation and include it as part of the base system. Kerberos is being deployed rapidly and widely by Windows administrators running Active Directory servers, and by Unix administrators kerberizing their services in response. However, it's a compile-time option for most (all?) of the packages that would use it, so right most package that could potentially support it come in "normal" and "-krb5" versions. Worse, those -krb5 packages often lag behind their normal counterparts, so users have to pick between using new packages or old ones that work on their company's network infrastructure. If it were in the base system, though, the total minimum system size would barely increase (libkrb53 on Sid is only 340KB, for instance) but it could become a standard option for programs that can use it. Are there any compelling reasons not to do this? I don't believe that "keeping the base simple" is sufficient, since the current situation actually complicates matters tremendously. At the very least, is there any reason why we can't drop all the "-krb5" packages in favor of merging that functionality in to the normal versions of their respective packages? Honestly, this is the primary reason I've considered dropping Debian in favor of Gentoo at work. I don't particularly like Gentoo, but the ability to set USE="kerberos" to be able to log in to our servers, check my mail, and make LDAP queries without having to search for often-ancient kerberized packages is almost enough to make me commit to it. -- Kirk Strauser
Attachment:
pgpsvFNgBxpGo.pgp
Description: PGP signature