Date: Mon, 05 Feb 2024 14:20:34 +0800
From: Philip Paeps <philip@freebsd.org>
To: Emmanuel Vadot <manu@bidouilliste.com>
Cc: Enji Cooper <yaneurabeya@gmail.com>, "Piotr P. Stefaniak" <pstef@freebsd.org>, "Dag-Erling Smørgrav" <des@freebsd.org>, Minsoo Choo <minsoochoo0122@proton.me>, freebsd-arch@freebsd.org
Subject: Re: Importing Heimdal 7.8.0
Message-ID: <74FEC455-1390-4759-9095-47B9EBA95A31@freebsd.org>
In-Reply-To: <20240204075458.04884948a03419c3afcd1f4f@bidouilliste.com>
References: <Zb57nFS1PUt2pGBw@freefall.freebsd.org> <7B302C8A-8A56-4840-B8D1-A01A3F9D765C@gmail.com> <20240204075458.04884948a03419c3afcd1f4f@bidouilliste.com>

On 2024-02-04 14:54:58 (+0800), Emmanuel Vadot wrote:
> On Sat, 3 Feb 2024 10:24:09 -0800
> Enji Cooper <yaneurabeya@gmail.com> wrote:
>>> On Feb 3, 2024, at 09:45, Piotr P. Stefaniak <pstef@freebsd.org>
>>> wrote:
>>> On 2024-01-31 15:31:38, Dag-Erling Smørgrav wrote:
>>>> Minsoo Choo <minsoochoo0122@proton.me> writes:
>>>>> I'm currently working on importing the latest version of Heimdal,
>>>>
>>>> Please don't.
>>>
>>> why
>>
>> Cy is importing MIT kerberos. MIT is (in many cases) the de facto
>> flavor of kerberos.
>> Cheers,
>
> Is changing kerberos flavor in 2024 really what we want ?

We should ship a supported / maintained flavour of Kerberos. MIT is the
best option.

> People who are using base kdc will likely migrate to ports version of
> heimdal as database isn't compatible (unless something has changed in
> the past 15 years I've used kerberos).

That's certainly true.

> I guess that kerberos is still used a bit at some Colleges or old
> corporation that haven't moved from it but is it relevant for us to
> still include kerberos in base ?

The kdc is only one component of Kerberos. While using Kerberos alone
is certainly increasingly niche, many organisations use it in
combination with LDAP (e.g. Microsoft Active Directory). We need the
Kerberos libraries in the base system for GSSAPI. It's more effort not
to include the kdc and the utilities (kinit, kadmin, ktutil,...) than
including them.

> OpenSSH-portable/curl and anything else in ports could be moved to use
> MIT/Heimdal from ports (based on some options and/or subpackages if
> that is possible).

OpenSSH in base still needs to support GSSAPI.

Philip