For the next major release of Debian, we will be dropping Kerberos v4 support from the Kerberos side of things, such as libraries, kinit, klist, and so forth. I'm considering also dropping kaserver support from the Debian OpenAFS packages at the same time. There are a few ways in which I could do this:
* Drop all kaserver support from the package, including the openafs-kpasswd package (kas and kpasswd) and libpam-openafs-kaserver. Drop regular klog and replace it with the Kerberos v5 klog currently shipped with openafs-krb5. Merge openafs-krb5 and openafs-client and replace openafs-krb5 with a transitional package that just depends on an appropriate version of openafs-client. * Drop the dedicated openafs-kpasswd and libpam-openafs-kaserver packages but leave klog alone and leave openafs-krb5 split out as a separate package. * Drop only the libpam-openafs-kaserver package but leave the other kaserver support, on the grounds that the PAM modules are the most fragile part of the kaserver support, are very buggy from a PAM perspective, and require an ugly hack to build properly on Debian. * Do nothing and leave the current state as-is. Opinions? Note that the next release of Debian will not include fakeka (or krb524d or any other libraries related to 4->5 or 5->4 translation), making ka-forwarder rather pointless except to point to old servers running earlier releases, so I'm considering dropping it as well. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
