[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

heimdal and debian

This is probably interesting for all the people that run heimdal on debian.


Over the past year, Brian May and I have come a long way towards
integrating support for Kerberos into Debian.  Brian has been
maintaining the Heimdal packages, while I have maintained the MIT
Kerberos5 packages.  Advances such as support for PAM Kerberos modules
in Debian along with increasing support for SASL mean that today users
of Debian testing/unstable can  use Kerberos to authenticate many of
their tasks.

However, especially as crypto in main becomes a likely possibility for
the future, there are issues we need to address to continue to better
integrate Kerberos into Debian.  Currently, we have two
implementations of Kerberos version 5.  There are good reasons we need
to support both MIT Kerberos and Heimdal.  We need to better manage
the way in which these packages cooperate to minimize the duplication
of resources and to maximize our users' ability to take advantage of
the best features of both implementations.  We need to come up with
guidelines for packagers that help them decide when they want to
package support for both implementations (there are a few cases like
PAM modules where this is necessary) and how to choose an
implementation when duplication is not required.  We should work to
increase the number of compatible ABIs and source level APIs.  We
should come up with guidelines for packagers to recommend how to
configure Kerberos support so it is available for sites/users that
want it, while not getting in others' way.  We should look at ways to
provide a consistent set of commands for users to use regardless of
what implementation is installed.  There are probably other
Kerberos-related issues to consider.

To this end, Brian and I have agreed to form a mailing list to discuss
these and other appropriate issues.  I'm setting up the mailing list.
It is not currently hosted on Debian servers, although if there is
interest I can start the process of applying for a Debian list.
Currently, you can subscribe by sending mail to
debian-kerberos-request@mekinok.com.  You can also go to
http://mailman.boxedpenguin.com/mailman/listinfo/debian-kerberos for
subscription information.  The list archive is available at
imap://imap.mekinok.com/mekinok.lists.debian-kerberos.  Naturally both
anonymous and GSSAPI (Kerberos) authentication are supported.

I'm also sending this announcement to people involved in both
implementations.  It would be great if some upstream developers were
interested as discussing/promoting upstream compatibility will only
make our job within Debian easier.  


To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org