Re: Importing Heimdal 7.8.0

In reply to: Enji Cooper : "Re: Importing Heimdal 7.8.0"
Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Mon, 05 Feb 2024 21:10:37 UTC
On Mon, 5 Feb 2024 12:06:44 -0800
Enji Cooper <yaneurabeya@gmail.com> wrote:

> > On Feb 3, 2024, at 10:54 PM, Emmanuel Vadot <manu@bidouilliste.com> wrote:  
> 
> …
> 
> > Is changing kerberos flavor in 2024 really what we want ?
> > People who are using base kdc will likekly migrate to ports version of
> > heimdal as database isn't compatible (unless something has changed in
> > the past 15 years I've used kerberos).
> > I guess that kerberos is still used a bit at some Colleges or old
> > corporation that haven't moved from it but is it relevant for us to
> > still include kerberos in base ?
> > OpenSSH-portable/curl and anything else in ports could be moved to use
> > MIT/Heimdal from ports (based on some options and/or subpackages if
> > that is possible).  
> 
> This is a good question for Cy (I can’t answer this). I’m mostly just the messenger in this case (my second sentence about "MIT kerberos being the defacto kerberos flavor” was my personal opinion on the topic).
> -Enji

I'll reiterate an email I sent to this list in December.

The reasons for this are fourfold.

1. After importing Heimdal 7.7.0 locally, 7.8.0 failed to import.
   They'd restructured the code enough to require significant restructuring
   of makefiles. At this point I was only toying with the idea of importing
   MIT into base. No work had commenced yet.

2. FreeBSD Foundation contacted me about a large corporate user of
   FreeBSD about their pain point of Heimdal in base instead of MIT.

3. There is more support that I've seen, at mostly among developers, but
   others too, for replacing Heimdal with MIT.

4. MIT is the original Kerberos. It is the kerberos in all Linux
   distros. It is also baked into Active Directory. It is the gold
   standard.

I don't know who the large corporate user is but having spent my entire
career in the corporate world, integration into A/D is important to
large enterprise users. IMO, if we want to see more FreeBSD used by
large corporations, reason #2 above is probably the most important
reason to switch from Heimdal to MIT.

-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0