Bug 3094 - Unable to build many Kerberos-aware programs without KerberosIV support
Summary: Unable to build many Kerberos-aware programs without KerberosIV support
Status: CLOSED WONTFIX
Alias: None
Product: Sisyphus
Classification: Development
Component: libkrb5 (show other bugs)
Version: unstable
Hardware: all Linux
: P1 enhancement
Assignee: Alexander Bokovoy
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-10-03 13:09 MSD by Yurix
Modified: 2005-09-13 15:42 MSD (History)
2 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Yurix 2003-10-03 13:09:19 MSD
Disabling support for KerberosIV in 3.1.3 make nearly impossible to 
build other Kerberos-based software for Sisyphus, since majority of them 
do not provide any simple way to disable Kv4 functionality. So in many cases 
removing kerberosIV dependencies requires to much work to be done hacking the 
source code of the software. 
 Please, return KerberosIV support.
Comment 1 Dmitry V. Levin 2003-10-03 13:27:40 MSD
I'd vote against this suggestion. 
Comment 2 Yurix 2003-10-03 15:02:43 MSD
 Well, I have to make it clear for myself. As far as i understand, building 
krb5 with --disable-kerberosIV prevents installing krb4 libraries and headers, 
so it simply could not affect system security in any way, on other hand, it 
makes it possible to build and use other (optional) software, witch may use 
legacy (surely, much less secure) krb4 method. Such a software may or may not 
be included in major distributions depending on security-team decision. 
 Not including krb4 soft cannot compromise system security in any manner, 
as it were when complitely disabling krb4 support. So the choice is "prevent 
anything KerberosIV-aware because user could use its krb4 functionality, and 
it's bad"  and "Provide user with a choice to use or not to use krb4-based 
soft with no potential risk for system by default (since no app use krb4 
libs)". 
 Also I have to note, that many programs, I'm talking about, would use 
Kerberos5 method by default, but have support for krb4 as well. As I already 
said, majority of them could not be configured at build-time to not to use 
krb4 libraries. 
 I whould like to know the policy of security-team concerning support for 
Kerberos technology in Sisyphus repository. 
 
Comment 3 inger@altlinux.org 2004-05-05 16:01:02 MSD
перевешено на новый пакет 
 
Comment 4 Yurix 2005-05-14 15:35:03 MSD
No more demand