Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 18 Jul 2005 12:24:07 +0300
From:      Vladimir Terziev <vladimir.terziev@sun-fish.com>
To:        Roman Kurakin <rik@cronyx.ru>
Cc:        dom@goodforbusiness.co.uk, freebsd-hackers@freebsd.org
Subject:   Re: Remove Heimdal Kerberos from my FreeBSD
Message-ID:  <20050718122407.1c064644.vlady@sun-fish.com>
In-Reply-To: <42DB723B.8060501@cronyx.ru>
References:  <20050716194319.4375451a.vlady@sun-fish.com> <200507161756.58334.dom@goodforbusiness.co.uk> <200507172202.18757.doconnor@gsoft.com.au> <20050717154649.3d0a5520.vlady@sun-fish.com> <42DB59F9.80408@cronyx.ru> <20050718113333.4ab7ebb5.vlady@sun-fish.com> <42DB723B.8060501@cronyx.ru>

next in thread | previous in thread | raw e-mail | index | archive | help

    Hi,

    i'm sure most of the FreeBSD users do not need kerberos for authnetication.

   Things should be kept simple, not generic -- this is one of the principles of UNIX.

    If someone needs telnet+kerberos, then ok, such meta port could be created and this person will just need to install it, but importing something in the base system which is NOT commonly used is not a good idea, as i've already said.

	Vladimir


On Mon, 18 Jul 2005 13:11:23 +0400
Roman Kurakin <rik@cronyx.ru> wrote:

> Vladimir Terziev wrote:
> 
> >   Hi,
> >
> >   your right about useless things, but making basic software to depend on these useless things is a very bad idea.
> >   I'm sure, telnet & ssh are the most used applications on any UNIX system, so they must not depend on any third party software by default. If you need kerberized ssh or telnet, then ok -- relink them to use kerberos, but why possible bugs in kerberos should affect ssh & telnet when kerberos is not mandantory for their functioning?
> >  
> >
> It depends on what we chose as a basic functionality. One wouldn't use 
> it, for other
> person it is necessary. Again, for generic system it is normal to have 
> extra functionality.
> If we remove it, many persons would suffer from that. If you do not need 
> it, just do
> not use it. And all one would be happy.
> It is not a problem to depend on kerberos till it isn't removed.
> 
> The worse thing is indirect depend. Why I have to setup lib by dependence,
> that is needed by the unused functions from the lib I use? The same would be
> to ask to remove those functions from that lib since they add extra 
> dependance.
> 
> If smth is commonly used, even not by majority but by quite nomerous
> community it should be in generic system. No one is restricted to customize
> system for any particular case. If you have such ability there is no any 
> problem.
> 
> rik
> 
> >	Vladimir
> >
> >
> >On Mon, 18 Jul 2005 11:27:53 +0400
> >Roman Kurakin <rik@cronyx.ru> wrote:
> >
> >  
> >
> >>Hi,
> >>
> >>Vladimir Terziev wrote:
> >>
> >>    
> >>
> >>>   Yes, i deleted it along with all libs related to it. This caused telnet/ssh/etc to stop working. So i rebuilt the world with NO_KERBEROS=yes and now all is like a charm -- no Heimdal Kerberos and no software depending on it.
> >>>   I think making the Heimdal Kerberos part of the base FreeBSD OS is bad idea, but linking base software (like telnet, ssh), which is part of the base FreeBSD OS, against it, is very very bad idea.
> >>> 
> >>>
> >>>      
> >>>
> >>Why? Yes, all current OSs have a lot of useless things from some one 
> >>point of view.
> >>For example, at work I do not need X while driver development, but at 
> >>home I need it.
> >>At home I may not need almost all development tools.
> >>This is normal. If I want to setup a system fast and without additional 
> >>efforts I'll setup
> >>a typical options. And I'll start use it as fast as it would be up. Most 
> >>peoples do the
> >>same.
> >>
> >>It is better to have all thing in generic system that suits the majority.
> >>If you want to setup a custom system, you need to do it manually.
> >>
> >>rik
> >>
> >>    
> >>
> >>>	Vladimir
> >>>
> >>>
> >>>On Sun, 17 Jul 2005 22:02:04 +0930
> >>>"Daniel O'Connor" <doconnor@gsoft.com.au> wrote:
> >>>
> >>> 
> >>>
> >>>      
> >>>
> >>>>On Sunday 17 July 2005 02:26, Dominic Marks wrote:
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>>>In /etc/make.conf put
> >>>>>
> >>>>>NO_KERBEROS=yes
> >>>>>
> >>>>>Then build a new world. That should do the trick.
> >>>>>     
> >>>>>
> >>>>>          
> >>>>>
> >>>>This won't remove it, it will just not update it.
> >>>>You would have to delete it by hand.
> >>>>
> >>>>Telnet/ssh/etc don't have to depend on Kerberos and if you use the above 
> >>>>option they will be built without Kerb support.
> >>>>
> >>>>-- 
> >>>>Daniel O'Connor software and network engineer
> >>>>for Genesis Software - http://www.gsoft.com.au
> >>>>"The nice thing about standards is that there
> >>>>are so many of them to choose from."
> >>>> -- Andrew Tanenbaum
> >>>>GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
> >>>>
> >>>>   
> >>>>
> >>>>        
> >>>>
> >>>_______________________________________________
> >>>freebsd-hackers@freebsd.org mailing list
> >>>http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> >>>To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
> >>> 
> >>>
> >>>      
> >>>
> >_______________________________________________
> >freebsd-hackers@freebsd.org mailing list
> >http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> >To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
> >  
> >
> 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050718122407.1c064644.vlady>