From: Sam Hartman <hartmans@debian.org> To: debian-devel-announce@lists.debian.org Subject: Mailing list to discuss integrating Kerberos into Debian Date: Sun, 02 Sep 2001 22:49:44 -0400 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Over the past year, Brian May and I have come a long way towards integrating support for Kerberos into Debian. Brian has been maintaining the Heimdal packages, while I have maintained the MIT Kerberos5 packages. Advances such as support for PAM Kerberos modules in Debian along with increasing support for SASL mean that today users of Debian testing/unstable can use Kerberos to authenticate many of their tasks. However, especially as crypto in main becomes a likely possibility for the future, there are issues we need to address to continue to better integrate Kerberos into Debian. Currently, we have two implementations of Kerberos version 5. There are good reasons we need to support both MIT Kerberos and Heimdal. We need to better manage the way in which these packages cooperate to minimize the duplication of resources and to maximize our users' ability to take advantage of the best features of both implementations. We need to come up with guidelines for packagers that help them decide when they want to package support for both implementations (there are a few cases like PAM modules where this is necessary) and how to choose an implementation when duplication is not required. We should work to increase the number of compatible ABIs and source level APIs. We should come up with guidelines for packagers to recommend how to configure Kerberos support so it is available for sites/users that want it, while not getting in others' way. We should look at ways to provide a consistent set of commands for users to use regardless of what implementation is installed. There are probably other Kerberos-related issues to consider. To this end, Brian and I have agreed to form a mailing list to discuss these and other appropriate issues. I'm setting up the mailing list. It is not currently hosted on Debian servers, although if there is interest I can start the process of applying for a Debian list. Currently, you can subscribe by sending mail to debian-kerberos-request@mekinok.com. You can also go to http://mailman.boxedpenguin.com/mailman/listinfo/debian-kerberos for subscription information. The list archive is available at imap://imap.mekinok.com/mekinok.lists.debian-kerberos. Naturally both anonymous and GSSAPI (Kerberos) authentication are supported. I'm also sending this announcement to people involved in both implementations. It would be great if some upstream developers were interested as discussing/promoting upstream compatibility will only make our job within Debian easier. - --Sam -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7ku9y/I12czyGJg8RAmOsAKCNJ/PwO29RsFQsR9mmLsFw7kqWaACgtExf H5ZRzfguQuWvGu7jXyob2PY= =/k4l -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-announce-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org