[740] in athena10

Advance notice about krb4

daemon@ATHENA.MIT.EDU (ghudson@MIT.EDU)
Wed Dec 17 20:07:54 2008

Date: Wed, 17 Dec 2008 20:07:09 -0500 (EST)
From: ghudson@MIT.EDU
Message-Id: <200812180107.mBI179BG006570@outgoing.mit.edu>
To: athena10@mit.edu

In the past, we've assumed that any schedule for final migration away
from krb4 would be set by NIST.

It's possible that the schedule might wind up being set by the OS.
The timeline is pretty relaxed at this point, but:

  * Around April 2009, krb5 1.7 will be released with no krb4 support
    (except the ability to read srvtabs).

  * The 9.04 Ubuntu release will probably still use krb5 1.6.
    However, it's reasonable to assume that in October 2009 there will
    be a 9.10 Ubuntu release which uses krb5 1.7.

  * Around October 2010 (two years from now), Ubuntu will cease
    support for 9.04, making that the deadline for adopting 9.10 or a
    later release.

Sometime in those 1-2 years, Athena will need to deal with the
following:

  * Zephyr.  There is krb5 Zephyr code in the tree, thanks to Karl.
    The onus here is primarily on ops to deploy the code; Athena 10
    gets its Zephyr packages from upstream (Karl does the packaging
    for Debian and Ubuntu takes it from there).

  * Evolution.  Either NIST finally turns on krb5 IMAP, or we have to
    give up and go to passwords.  Either way, the wrapper script will
    need to convert accounts from using krb4 to using krb5 or
    passwords.

  * Pine.  I think this is a little easier but I don't have a complete
    mental map of the issues.

  * nmh.  Only the "inc" command is affected.  One option is to just
    finally desupport it, or the "inc" part of it.

  * Discuss, lert, and possibly a few other programs use krb5 but have
    krb4 code in them, which will have to be excised.

And possibly some other things I've forgotten.
