[42] in athena10
Re: Building our own Kerberos
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Jan 12 01:28:45 2008
From: Greg Hudson <ghudson@MIT.EDU>
To: Tim Abbott <tabbott@mit.edu>
Cc: athena10@mit.edu, debathena@mit.edu
In-Reply-To: <Pine.LNX.4.64L.0801120022320.26368@mega-man.mit.edu>
Content-Type: text/plain
Date: Sat, 12 Jan 2008 01:28:35 -0500
Message-Id: <1200119315.6088.15.camel@error-messages.mit.edu>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
I wonder if we could also just install a wrapper script
for /usr/bin/kinit using a diversion.
Right now if you were to kinit and not get new krb4 tickets, you would
mostly suffer from:
* Zephyr won't work. That may be fixed by Athena 10 because we've
received patches for krb5 zephyr (though I won't have time to review
them until February). Of course, if we're using the native Debian
package we'll need to get them to take an update, but I believe the
person who submitted the krb5 patches to me (Karl) is also the person
who maintains the Debian package, so that shouldn't be a big deal.
* Kerberos authentication to the PO servers won't work. All of the
IMAP clients support krb5 auth (if they supported krb4 auth, at least)
but the PO servers don't have it turned on. I have no idea what NIST's
schedule is here. nmh is also a problem since krb5 KPOP is somewhat
unlikely to ever happen; background ideas on this range from figuring
out how to get GNU mailutils to work as an nmh replacement to finding a
way to hack "inc" to use krb5 IMAP.
