Bug#315059: Drop KRB4 support from HEIMDAL
On Sat, 2005-11-26 at 11:45 +1100, Brian May wrote: Björn == Björn Torkelsson [EMAIL PROTECTED] writes: Björn I did rebuild it for Ubuntu dapper and have been running it for some Björn time now. Seems to be working without any problems. Great news! Yeah, and Ubuntu has switched to the experimental packages in dapper, so hopefully it will get some more extensive testing. I really hope that you will upload the packages to unstable soon. Björn Any chance of getting KCM enabled by the way? Err... What is KCM? Kerberos Cache Manager, a new feature in heimdal 0.7. /torkel
Bug#315059: Drop KRB4 support from HEIMDAL
Björn == Björn Torkelsson [EMAIL PROTECTED] writes: Björn I did rebuild it for Ubuntu dapper and have been running it for some Björn time now. Seems to be working without any problems. Great news! Björn Any chance of getting KCM enabled by the way? Err... What is KCM? -- Brian May [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
On Sat, 2005-10-29 at 09:31 +1000, Brian May wrote: Brian == Brian May [EMAIL PROTECTED] writes: Brian There have been increasing calls for me to drop krb4 Brian support in Heimdal (first in bug #315059 and now by Brian upstream in bug #334632 - it would also solve #236851). It Brian would also eliminate confusion such as in bug #330151 (not Brian a bug). I have compiled Heimdal 0.7.1 in placed it in experimental. I would appreciate it if people test it and let me know what is likely to break (especially as a result of removing Kerberos4kth support). I did rebuild it for Ubuntu dapper and have been running it for some time now. Seems to be working without any problems. Any chance of getting KCM enabled by the way? /torkel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
Brian == Brian May [EMAIL PROTECTED] writes: Brian There have been increasing calls for me to drop krb4 Brian support in Heimdal (first in bug #315059 and now by Brian upstream in bug #334632 - it would also solve #236851). It Brian would also eliminate confusion such as in bug #330151 (not Brian a bug). I have compiled Heimdal 0.7.1 in placed it in experimental. I would appreciate it if people test it and let me know what is likely to break (especially as a result of removing Kerberos4kth support). Thanks. -- Brian May [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
On Mon, 2005-10-24 at 12:18 +1000, Brian May wrote: Steve == Steve Langasek [EMAIL PROTECTED] writes: Steve On Sun, Oct 23, 2005 at 03:20:08PM -0400, Sam Hartman Steve wrote: Does the krb524 functionality disappear from the KDC if you turn off krb4? Steve According to upstream, krb524 works without krb4 in heimdal Steve 0.7; nothing was said about heimdal 0.6.3 which we Steve currently have in unstable, but I imagine we'd need to move Steve to the new version. It looks like totally removing krb4 support would mean conflicting with kerberos4kth, due to conflicts between shared libraries used. Does this matter? Is it time to think about removing kerberos4kth from the archive anyway? In my opinion yes. However an easy and well documented upgrade-path from a krb4 KDC to a krb5 KDC is probably necessary. /torkel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
Does the krb524 functionality disappear from the KDC if you turn off krb4? If so, that will be a problem for current openafs, although probably not for future openafs. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Oct 23, 2005 at 03:20:08PM -0400, Sam Hartman wrote: Does the krb524 functionality disappear from the KDC if you turn off krb4? According to upstream, krb524 works without krb4 in heimdal 0.7; nothing was said about heimdal 0.6.3 which we currently have in unstable, but I imagine we'd need to move to the new version. - -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDXBZ2KN6ufymYLloRAkzdAJoCP1DS1dASqjY2E3W8C6QY7Obs8QCg0yW/ t8XL2+czSRp6oUK5FdEKuPk= =/0TD -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
Steve == Steve Langasek [EMAIL PROTECTED] writes: Steve On Sun, Oct 23, 2005 at 03:20:08PM -0400, Sam Hartman Steve wrote: Does the krb524 functionality disappear from the KDC if you turn off krb4? Steve According to upstream, krb524 works without krb4 in heimdal Steve 0.7; nothing was said about heimdal 0.6.3 which we Steve currently have in unstable, but I imagine we'd need to move Steve to the new version. It looks like totally removing krb4 support would mean conflicting with kerberos4kth, due to conflicts between shared libraries used. Does this matter? Is it time to think about removing kerberos4kth from the archive anyway? -- Brian May [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
On Mon, Oct 24, 2005 at 12:18:27PM +1000, Brian May wrote: Steve == Steve Langasek [EMAIL PROTECTED] writes: Steve On Sun, Oct 23, 2005 at 03:20:08PM -0400, Sam Hartman Steve wrote: Does the krb524 functionality disappear from the KDC if you turn off krb4? Steve According to upstream, krb524 works without krb4 in heimdal Steve 0.7; nothing was said about heimdal 0.6.3 which we Steve currently have in unstable, but I imagine we'd need to move Steve to the new version. It looks like totally removing krb4 support would mean conflicting with kerberos4kth, due to conflicts between shared libraries used. Does this matter? Is it time to think about removing kerberos4kth from the archive anyway? Do heimdal's krb4 support libraries actually implement the same ABI as the kerberos4kth implementation? Depending on the details, it might be better to Provides/Conflicts/Replaces the old krb4 lib package; but if the ABIs aren't the same, it would be better to fix the heimdal version so that it doesn't collide. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ signature.asc Description: Digital signature
Bug#315059: Drop KRB4 support from HEIMDAL
Steve == Steve Langasek [EMAIL PROTECTED] writes: Steve Do heimdal's krb4 support libraries actually implement the Steve same ABI as the kerberos4kth implementation? Depending on Steve the details, it might be better to Steve Provides/Conflicts/Replaces the old krb4 lib package; but Steve if the ABIs aren't the same, it would be better to fix the Steve heimdal version so that it doesn't collide. I suspect they are the same (libroken and libotp) but not absolutely sure. In addition to those libraries, libss and libsl are also issues. I tried using ss-dev in Debian already, but it doesn't appear to be compatible. So I might have to repackage libss and libsl in Debian too. yuck. No, I don't understand what these libraries do (I am sure I have been told though). No, I don't mean libssl - thats completely different. I have my latest source code for 0.7.1 online at URL:http://people.debian.org/~bam/ in case anybody wants to play with it. At the moment it won't compile due to the libss/libsl issue. There might be other compile issues, but I think I have fixed them all. The relevant patch file in debian/patches/012_sharedlibs, regenerate the autoconf patch with debian/scripts/autotools. Requires automake 1.8. There is also the issue of the versioned symbols patch not applying cleanly. Any help appreciated, Thanks. -- Brian May [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
You can use AFS support in heimdal (both KDC and client) in 0.7 without any kerberos 4 support. Please drop Kerberos 4, and leave it to the archeologists. Love -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#315059: Drop KRB4 support from HEIMDAL
To: debian-devel, bug#315059 and submitter CC: krb4 maintainer and openafs maintainers Hello, There have been increasing calls for me to drop krb4 support in Heimdal (first in bug #315059 and now by upstream in bug #334632 - it would also solve #236851). It would also eliminate confusion such as in bug #330151 (not a bug). Would this effect anybody? Would this break anything? I noted when I was experimenting with openafs last I couldn't get it to work without krb4 support in Heimdal KDC, but admit I may have been doing something wrong. krb4 is generally considered obsolete and insecure - I think the only reason it was requested was because of AFS requirements - does that reason still apply? Thanks. -- Brian May [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]