[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of kerberised telnet, login, rsh, ftp?

On Thu, 2005-07-07 at 00:58 +0200, Harald Barth wrote:

> > (This was brought up by a look we are taking on samba-technical about
> > what proportion of Heimdal to import, with a strong view to avoid
> > including these apps).
> Including where? There are enough crippled heimdal "ports" around, I
> don't need more half done heimdal ports which force me to roll my own
> port och package or rpm or deb or what's-it-called in spite of the
> distribution claiming to have a "heimdal". I'm tired of getting
> "heimdals" that don't have working rsh or kx.

Samba4 will include a copy of Heimdal kerberos, crippled such as to be
built into Samba4's smbd.  Indeed, the rsh, kx and even kadmin and kdc
binaries will not be available to the user.

As such, we are importing portions of the heimdal tree, not including
the apps, into samba4, and will include them with our release tarballs.

Now, if it happened (as the MIT folks indicated) that these utilities
were being split out from the main tarball, then I would have less files
to watch, and I would not have security auditors telling me that Samba4
is vulnerable to issues in programs we don't ship, but are included in
the same upstream Heimdal version number.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

This is a digitally signed message part