[OpenAFS] AFS kaserver PAM modules and Debian packages
Thu, 26 Mar 2009 11:13:09 -0700
For the next major release of Debian, we will be dropping Kerberos v4
support from the Kerberos side of things, such as libraries, kinit, klist,
and so forth. I'm considering also dropping kaserver support from the
Debian OpenAFS packages at the same time. There are a few ways in which I
could do this:
* Drop all kaserver support from the package, including the
openafs-kpasswd package (kas and kpasswd) and libpam-openafs-kaserver.
Drop regular klog and replace it with the Kerberos v5 klog currently
shipped with openafs-krb5. Merge openafs-krb5 and openafs-client and
replace openafs-krb5 with a transitional package that just depends on an
appropriate version of openafs-client.
* Drop the dedicated openafs-kpasswd and libpam-openafs-kaserver packages
but leave klog alone and leave openafs-krb5 split out as a separate
* Drop only the libpam-openafs-kaserver package but leave the other
kaserver support, on the grounds that the PAM modules are the most
fragile part of the kaserver support, are very buggy from a PAM
perspective, and require an ugly hack to build properly on Debian.
* Do nothing and leave the current state as-is.
Note that the next release of Debian will not include fakeka (or krb524d
or any other libraries related to 4->5 or 5->4 translation), making
ka-forwarder rather pointless except to point to old servers running
earlier releases, so I'm considering dropping it as well.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>