Heimdal compatibility

Sam Hartman hartmans at MIT.EDU
Sun Aug 6 13:53:05 EDT 2006

>>>>> "Andrew" == Andrew Bartlett <abartlet at samba.org> writes:

    Andrew> but I wonder: it seems so close, would it possible to use
    Andrew> the heimdal krb5Key schema?

I'd appreciate your help with a more general problem.

Mit doesn't want to be bound to Heimdal compatibility for our database
format, for the extensions we support, for our APIs.

we don't want to be gratuitously different, and where it is reasonable
to be compatible we'd like to do so.  However we don't believe it
meets our goals if we have to come to agreement with Heimdal (or they
with us) for enhancements to the database format etc.

We also don't want to get in the situation where people are frustrated
that what used to work no longer works.  We would hate to get into a
situation where we were unable to deploy some new feature because
doing so broke some Heimdal compatibility we'd never committed to in
the first place that people were depending on.

Similarly, we'd hate for people to be in a position where they had
designed their code assuming some portion of the MIT and Heimdal
implementations were the same, only to find they diverged in the

How do we balance these concerns against the equally valid desires to
minimize divergence and to allow people to reuse code where
appropriate.  I'm looking for options that MIt can implement
unilaterally.  I'd be delighted if we had more coordination with
Heimdal on issues like this, but I cannot depend on that being the


More information about the krbdev mailing list