Bug#1070031: heimdal-kdc: fails to install if /usr/bin/kadmin is not Heimdal kadmin

2024-04-28 Thread Brian May 
Ryan Tandy  writes:

> # update-alternatives --display kadmin
> kadmin - auto mode
>   link best version is /usr/bin/kadmin.mit
>   link currently points to /usr/bin/kadmin.mit
>   link kadmin is /usr/bin/kadmin
>   slave kadmin.1.gz is /usr/share/man/man1/kadmin.1.gz
> /usr/bin/kadmin.heimdal - priority 23
>   slave kadmin.1.gz: /usr/share/man/man1/kadmin.heimdal.1.gz
> /usr/bin/kadmin.mit - priority 30
>   slave kadmin.1.gz: /usr/share/man/man1/kadmin.mit.1.gz

I am wondering if maybe kadmin should not be using update-alternatives.

I think it is policy - although I can't find it right now - that update
alternatives should only be used for similar commands, i.e. similiar
command line parsing, does the same thing, etc.

But I don't think any of this applies for kadmin. It could be very
confusing if you are kadmin by hand, not realizing you are running the
wrong command.

Any thoughts?

Maybe I should ask the MIT kerberos maintainer for opinions here also.
-- 
Brian May @ Debian

Bug#1070031: heimdal-kdc: fails to install if /usr/bin/kadmin is not Heimdal kadmin

2024-04-28 Thread Ryan Tandy 
Package: heimdal-kdc
Version: 7.8.git20221117.28daf24+dfsg-5
Severity: normal

Dear Maintainer,

I noticed that if the package krb5-user is installed, then heimdal-kdc 
fails to install, because /usr/bin/kadmin is the wrong one:

# apt install krb5-user
[...]
# ls -l /etc/alternatives/kadmin
lrwxrwxrwx 1 root root 19 Mar 27 03:42 /etc/alternatives/kadmin -> 
/usr/bin/kadmin.mit
# apt install heimdal-kdc
[...]
Setting up heimdal-kdc (7.8.git20221117.28daf24+dfsg-5+b1) ...
kstash: writing key to `/var/lib/heimdal-kdc/m-key'
kadmin: invalid option -- 'l'
Usage: kadmin [-r realm] [-p principal] [-q query] [clnt|local args]
  [command args...]
clnt args: [-s admin_server[:port]] [[-c ccache]|[-k [-t keytab]]]|[-n] 
[-O | -N]
local args: [-x db_args]* [-d dbname] [-e "enc:salt ..."] [-m] [-w 
password] where,
[-x db_args]* - any number of database specific arguments.
Look at each database documentation for supported 
arguments
dpkg: error processing package heimdal-kdc (--configure):
 installed heimdal-kdc package post-installation script subprocess returned 
error exit status 1

The MIT alternative has a slightly higher priority (30 vs 
heimdal-clients 23), so update-alternatives prefers it.

# update-alternatives --display kadmin
kadmin - auto mode
  link best version is /usr/bin/kadmin.mit
  link currently points to /usr/bin/kadmin.mit
  link kadmin is /usr/bin/kadmin
  slave kadmin.1.gz is /usr/share/man/man1/kadmin.1.gz
/usr/bin/kadmin.heimdal - priority 23
  slave kadmin.1.gz: /usr/share/man/man1/kadmin.heimdal.1.gz
/usr/bin/kadmin.mit - priority 30
  slave kadmin.1.gz: /usr/share/man/man1/kadmin.mit.1.gz

I guess the Heimdal maintainer scripts should call kadmin.heimdal 
explicitly. I have not checked whether any other commands are affected.

thank you,
Ryan