From nobody Mon Feb 05 21:10:37 2024 X-Original-To: freebsd-arch@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TTJv564CGz591jD for ; Mon, 5 Feb 2024 21:10:41 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta001.cacentral1.a.cloudfilter.net (omta001.cacentral1.a.cloudfilter.net [3.97.99.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TTJv533zfz51Xh; Mon, 5 Feb 2024 21:10:41 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; none Received: from shw-obgw-4003a.ext.cloudfilter.net ([10.228.9.183]) by cmsmtp with ESMTPS id X332rdCMcxDxGX6EirVJaW; Mon, 05 Feb 2024 21:10:40 +0000 Received: from spqr.komquats.com ([70.66.152.170]) by cmsmtp with ESMTPSA id X6EgrgdzMByQrX6EhrbQai; Mon, 05 Feb 2024 21:10:40 +0000 X-Authority-Analysis: v=2.4 cv=UOF+Hzfy c=1 sm=1 tr=0 ts=65c14ed0 a=y8EK/9tc/U6QY+pUhnbtgQ==:117 a=y8EK/9tc/U6QY+pUhnbtgQ==:17 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10 a=k7vzHIieQBIA:10 a=pGLkceISAAAA:8 a=7ASnObcnAAAA:8 a=YxBL1-UpAAAA:8 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=focQ8XpkmpRfSYORp-gA:9 a=QEXdDO2ut3YA:10 a=pj5rz7AvTRnaHDIeLm0D:22 a=Ia-lj3WSrqcvXOmTRaiG:22 a=IjZwj45LgO3ly-622nXo:22 a=LK5xJRSDVpKd5WXXoEvA:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 447D02BA; Mon, 5 Feb 2024 13:10:38 -0800 (PST) Received: from slippy (localhost [IPv6:::1]) by slippy.cwsent.com (Postfix) with ESMTP id 2140520E; Mon, 5 Feb 2024 13:10:38 -0800 (PST) Date: Mon, 5 Feb 2024 13:10:37 -0800 From: Cy Schubert To: Enji Cooper Cc: Emmanuel Vadot , "Piotr P. Stefaniak" , Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= , Minsoo Choo , freebsd-arch@freebsd.org Subject: Re: Importing Heimdal 7.8.0 Message-ID: <20240205130951.071850fb@slippy> In-Reply-To: <4593BCAF-C09D-466C-ABC8-6160A9BE5B10@gmail.com> References: <7B302C8A-8A56-4840-B8D1-A01A3F9D765C@gmail.com> <20240204075458.04884948a03419c3afcd1f4f@bidouilliste.com> <4593BCAF-C09D-466C-ABC8-6160A9BE5B10@gmail.com> Organization: KOMQUATS X-Mailer: Claws Mail 3.19.1 (GTK+ 2.24.33; amd64-portbld-freebsd15.0) List-Id: Discussion related to FreeBSD architecture List-Archive: https://lists.freebsd.org/archives/freebsd-arch List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-arch@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-CMAE-Envelope: MS4xfHfmnyhSKt/jOjYwRT7GMZXYaBNL3PR6sE0NAbmJUmryXE3QV85BHsmSUx8NhbLXAWOF4hfj8G79yM6bwGQN4UFu7/HqScYb4yRh68MATmVrUOKK/ME3 r1CVLUHTF6hT/6h3Nugo3xlO6RxCqwQjOckPkr4a/dJOaXf26b65e9aIEMZRQFSvq+pmxHihDqqCw+jReBu5Y8QAsOVrOC3jbabb7FM7s/4r/Ny6R47+0YCh zBdSpN3feVrL47fIIbXHHb+aWbpbRk1b4EjFY2Q2nvph78caFAXVUM2ssvO+K9vLrfjGZ+eMWcKeyH1IsBkBNntI94utHEn8mZ6CRwdXaGz6SaTXT0iKpyRf BaiDaXct X-Rspamd-Queue-Id: 4TTJv533zfz51Xh X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US] On Mon, 5 Feb 2024 12:06:44 -0800 Enji Cooper wrote: > > On Feb 3, 2024, at 10:54 PM, Emmanuel Vadot wro= te: =20 >=20 > =E2=80=A6 >=20 > > Is changing kerberos flavor in 2024 really what we want ? > > People who are using base kdc will likekly migrate to ports version of > > heimdal as database isn't compatible (unless something has changed in > > the past 15 years I've used kerberos). > > I guess that kerberos is still used a bit at some Colleges or old > > corporation that haven't moved from it but is it relevant for us to > > still include kerberos in base ? > > OpenSSH-portable/curl and anything else in ports could be moved to use > > MIT/Heimdal from ports (based on some options and/or subpackages if > > that is possible). =20 >=20 > This is a good question for Cy (I can=E2=80=99t answer this). I=E2=80=99m= mostly just the messenger in this case (my second sentence about "MIT kerb= eros being the defacto kerberos flavor=E2=80=9D was my personal opinion on = the topic). > -Enji I'll reiterate an email I sent to this list in December. The reasons for this are fourfold. 1. After importing Heimdal 7.7.0 locally, 7.8.0 failed to import. They'd restructured the code enough to require significant restructuring of makefiles. At this point I was only toying with the idea of importing MIT into base. No work had commenced yet. 2. FreeBSD Foundation contacted me about a large corporate user of FreeBSD about their pain point of Heimdal in base instead of MIT. 3. There is more support that I've seen, at mostly among developers, but others too, for replacing Heimdal with MIT. 4. MIT is the original Kerberos. It is the kerberos in all Linux distros. It is also baked into Active Directory. It is the gold standard. I don't know who the large corporate user is but having spent my entire career in the corporate world, integration into A/D is important to large enterprise users. IMO, if we want to see more FreeBSD used by large corporations, reason #2 above is probably the most important reason to switch from Heimdal to MIT. --=20 Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e^(i*pi)+1=3D0