Re: Importing Heimdal 7.8.0

From: Philip Paeps <philip_at_freebsd.org>
Date: Mon, 05 Feb 2024 06:20:34 UTC
On 2024-02-04 14:54:58 (+0800), Emmanuel Vadot wrote:
> On Sat, 3 Feb 2024 10:24:09 -0800
> Enji Cooper <yaneurabeya@gmail.com> wrote:
>>> On Feb 3, 2024, at 09:45, Piotr P. Stefaniak <pstef@freebsd.org> 
>>> wrote:
>>> On 2024-01-31 15:31:38, Dag-Erling Smørgrav wrote:
>>>> Minsoo Choo <minsoochoo0122@proton.me> writes:
>>>>> I'm currently working on importing the latest version of Heimdal,
>>>>
>>>> Please don't.
>>>
>>> why
>>
>> Cy is importing MIT kerberos. MIT is (in many cases) the de facto 
>> flavor of kerberos.
>> Cheers,
>
>  Is changing kerberos flavor in 2024 really what we want ?

We should ship a supported / maintained flavour of Kerberos.  MIT is the 
best option.

> People who are using base kdc will likely migrate to ports version of
> heimdal as database isn't compatible (unless something has changed in
> the past 15 years I've used kerberos).

That's certainly true.

> I guess that kerberos is still used a bit at some Colleges or old
> corporations that haven't moved from it but is it relevant for us to
> still include kerberos in base ?

The kdc is only one component of Kerberos.  While using Kerberos alone 
is certainly increasingly niche, many organisations use it in 
combination with LDAP (e.g. Microsoft Active Directory).

We need the Kerberos libraries in the base system for GSSAPI.  It's more 
effort not to include the kdc and the utilities (kinit, kadmin, 
ktutil,...) than including them.

> OpenSSH-portable/curl and anything else in ports could be moved to use
> MIT/Heimdal from ports (based on some options and/or subpackages if
> that is possible).

OpenSSH in base still needs to support GSSAPI.

Philip