Re: Importing Heimdal 7.8.0
- Reply: Philip Paeps : "Re: Importing Heimdal 7.8.0"
- In reply to: Philip Paeps : "Re: Importing Heimdal 7.8.0"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 05 Feb 2024 07:17:00 UTC
On Mon, 05 Feb 2024 14:20:34 +0800 Philip Paeps <philip@freebsd.org> wrote: > On 2024-02-04 14:54:58 (+0800), Emmanuel Vadot wrote: > > On Sat, 3 Feb 2024 10:24:09 -0800 > > Enji Cooper <yaneurabeya@gmail.com> wrote: > >>> On Feb 3, 2024, at 09:45, Piotr P. Stefaniak <pstef@freebsd.org> > >>> wrote: > >>> ?On 2024-01-31 15:31:38, Dag-Erling Smørgrav wrote: > >>>> Minsoo Choo <minsoochoo0122@proton.me> writes: > >>>>> I'm currently working on importing the latest version of Heimdal, > >>>> > >>>> Please don't. > >>> > >>> why > >> > >> Cy is importing MIT kerberos. MIT is (in many cases) the defacto > >> flavor of kerberos. > >> Cheers, > > > > Is changing kerberos flavor in 2024 really what we want ? > > We should ship a supported / maintained flavour of Kerberos. MIT is the > best option. > > > People who are using base kdc will likekly migrate to ports version of > > heimdal as database isn't compatible (unless something has changed in > > the past 15 years I've used kerberos). > > That's certainly true. > > > I guess that kerberos is still used a bit at some Colleges or old > > corporation that haven't moved from it but is it relevant for us to > > still include kerberos in base ? > > The kdc is only one component of Kerberos. While using Kerberos alone > is certainly increasingly niche, many organisations use it in > combination with LDAP (e.g. Microsoft Active Directory). > > We need the Kerberos libraries in the base system for GSSAPI. It's more > effort not to include the kdc and the utilities (kinit, kadmin, > ktutil,...) than including them. Is there a written proposal for this switch ? I can't seems to understand how it's useful to not include the utilities in base (I understand for kdc). If I need kerberos to login in my env I would need to pkg install heimdal/mit so I might as well pkg install openssh-portable && pkg delete FreeBSD-openssh so I have a kerberos aware ssh. Please be aware that we're pushing pkgbase use so we will have a lot more flexibility to have a tool installed or not. > > OpenSSH-portable/curl and anything else in ports could be moved to use > > MIT/Heimdal from ports (based on some options and/or subpackages if > > that is possible). > > OpenSSH in base still needs to support GSSAPI. > > Philip > -- Emmanuel Vadot <manu@bidouilliste.com> <manu@freebsd.org>