3094 2003-10-03 13:09:18 +0400 Unable to build many Kerberos-aware programs without KerberosIV support 2005-09-13 15:42:49 +0400 1 1 4 Development Sisyphus libkrb5 unstable all Linux CLOSED WONTFIX P1 enhancement --- 1 yurix ab iv shaba qa-sisyphus oldest_to_newest 9976 0 yurix 2003-10-03 13:09:19 +0400 Disabling support for KerberosIV in 3.1.3 make nearly impossible to build other Kerberos-based software for Sisyphus, since majority of them do not provide any simple way to disable Kv4 functionality. So in many cases removing kerberosIV dependencies requires to much work to be done hacking the source code of the software. Please, return KerberosIV support. 9977 1 ldv 2003-10-03 13:27:40 +0400 I'd vote against this suggestion. 9980 2 yurix 2003-10-03 15:02:43 +0400 Well, I have to make it clear for myself. As far as i understand, building krb5 with --disable-kerberosIV prevents installing krb4 libraries and headers, so it simply could not affect system security in any way, on other hand, it makes it possible to build and use other (optional) software, witch may use legacy (surely, much less secure) krb4 method. Such a software may or may not be included in major distributions depending on security-team decision. Not including krb4 soft cannot compromise system security in any manner, as it were when complitely disabling krb4 support. So the choice is "prevent anything KerberosIV-aware because user could use its krb4 functionality, and it's bad" and "Provide user with a choice to use or not to use krb4-based soft with no potential risk for system by default (since no app use krb4 libs)". Also I have to note, that many programs, I'm talking about, would use Kerberos5 method by default, but have support for krb4 as well. As I already said, majority of them could not be configured at build-time to not to use krb4 libraries. I whould like to know the policy of security-team concerning support for Kerberos technology in Sisyphus repository. 13278 3 inger 2004-05-05 16:01:02 +0400 перевешено на новый пакет 24537 4 yurix 2005-05-14 15:35:03 +0400 No more demand