Future of kerberised telnet, login, rsh, ftp?

Andrew Bartlett abartlet at samba.org
Wed Jul 6 19:15:18 EDT 2005

On Thu, 2005-07-07 at 00:58 +0200, Harald Barth wrote:

> > (This was brought up by a look we are taking on samba-technical about
> > what proportion of Heimdal to import, with a strong view to avoid
> > including these apps).
> Including where? There are enough crippled heimdal "ports" around, I
> don't need more half done heimdal ports which force me to roll my own
> port och package or rpm or deb or what's-it-called in spite of the
> distribution claiming to have a "heimdal". I'm tired of getting
> "heimdals" that don't have working rsh or kx.

Samba4 will include a copy of Heimdal kerberos, crippled such as to be
built into Samba4's smbd.  Indeed, the rsh, kx and even kadmin and kdc
binaries will not be available to the user.

As such, we are importing portions of the heimdal tree, not including
the apps, into samba4, and will include them with our release tarballs.

Now, if it happened (as the MIT folks indicated) that these utilities
were being split out from the main tarball, then I would have less files
to watch, and I would not have security auditors telling me that Samba4
is vulnerable to issues in programs we don't ship, but are included in
the same upstream Heimdal version number.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050707/e2b8ec76/attachment.bin

More information about the krbdev mailing list