[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kpop or kpush for Debian 3.0 (Woody)

Magnus Sandberg <mem@stacken.kth.se> writes:

> Hi Mikael,
> Thanks for your reply. When I look at Debian's web page it seams that 
> you're right. Strange thou that the kpush client is part of the server 
> package and not the client. It seams to be the same for Heimdal;

I'm not really sure what kpush does. But I can tell you what the original
rationale for deciding things in -clients or -servers (originally named
-services to distinguish it from the kerberos server itself) was and then the
current maintainer can figure out whether kpush should be moved based on that.

The original rationale was that -servers had everything that would change the
security policy on a box, so that it would be completely safe to install
-clients as a convenience to users. Even on a site where kerberos wasn't the
standard security method and where the admin knows nothing about configuring
the kerberized tools.

Hence things like ftpd, login, and popper are part of -servers since
installing them opens up services based on users' kerberos principles.

I don't know what kpush does, perhaps I originally opted to be conservative.
Anything I didn't recognize could potentially have been a security hazard to
install unknowingly. Or perhaps I knew something then that I don't know now.