Date: Mon, 5 Feb 2024 13:10:37 -0800 From: Cy Schubert <Cy.Schubert@cschubert.com> To: Enji Cooper <yaneurabeya@gmail.com> Cc: Emmanuel Vadot <manu@bidouilliste.com>, "Piotr P. Stefaniak" <pstef@freebsd.org>, Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= <des@freebsd.org>, Minsoo Choo <minsoochoo0122@proton.me>, freebsd-arch@freebsd.org Subject: Re: Importing Heimdal 7.8.0 Message-ID: <20240205130951.071850fb@slippy> In-Reply-To: <4593BCAF-C09D-466C-ABC8-6160A9BE5B10@gmail.com> References: <Zb57nFS1PUt2pGBw@freefall.freebsd.org> <7B302C8A-8A56-4840-B8D1-A01A3F9D765C@gmail.com> <20240204075458.04884948a03419c3afcd1f4f@bidouilliste.com> <4593BCAF-C09D-466C-ABC8-6160A9BE5B10@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 5 Feb 2024 12:06:44 -0800 Enji Cooper <yaneurabeya@gmail.com> wrote: > > On Feb 3, 2024, at 10:54 PM, Emmanuel Vadot <manu@bidouilliste.com> wro= te: =20 >=20 > =E2=80=A6 >=20 > > Is changing kerberos flavor in 2024 really what we want ? > > People who are using base kdc will likekly migrate to ports version of > > heimdal as database isn't compatible (unless something has changed in > > the past 15 years I've used kerberos). > > I guess that kerberos is still used a bit at some Colleges or old > > corporation that haven't moved from it but is it relevant for us to > > still include kerberos in base ? > > OpenSSH-portable/curl and anything else in ports could be moved to use > > MIT/Heimdal from ports (based on some options and/or subpackages if > > that is possible). =20 >=20 > This is a good question for Cy (I can=E2=80=99t answer this). I=E2=80=99m= mostly just the messenger in this case (my second sentence about "MIT kerb= eros being the defacto kerberos flavor=E2=80=9D was my personal opinion on = the topic). > -Enji I'll reiterate an email I sent to this list in December. The reasons for this are fourfold. 1. After importing Heimdal 7.7.0 locally, 7.8.0 failed to import. They'd restructured the code enough to require significant restructuring of makefiles. At this point I was only toying with the idea of importing MIT into base. No work had commenced yet. 2. FreeBSD Foundation contacted me about a large corporate user of FreeBSD about their pain point of Heimdal in base instead of MIT. 3. There is more support that I've seen, at mostly among developers, but others too, for replacing Heimdal with MIT. 4. MIT is the original Kerberos. It is the kerberos in all Linux distros. It is also baked into Active Directory. It is the gold standard. I don't know who the large corporate user is but having spent my entire career in the corporate world, integration into A/D is important to large enterprise users. IMO, if we want to see more FreeBSD used by large corporations, reason #2 above is probably the most important reason to switch from Heimdal to MIT. --=20 Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=3D0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240205130951.071850fb>