Red Hat Bugzilla – Bug 226300
Review Request: pkinit-nss - PKINIT for MIT Kerberos
Last modified: 2008-12-19 13:08:52 EST
Fedora Merge Review: pkinit-nss
Initial Owner: firstname.lastname@example.org
*** Bug 239086 has been marked as a duplicate of this bug. ***
I can find no package in the distro with this name, nor any record that there has ever been a package in Fedora with this name. Any idea what might be going on? The ticket which was closed as a dup looks like a regular package submission.
(In reply to comment #2)
> I can find no package in the distro with this name, nor any record that there
> has ever been a package in Fedora with this name. Any idea what might be going
> on? The ticket which was closed as a dup looks like a regular package
Yes, it was. When I realized I'd filed a duplicate of this request, I closed the one I'd filed as a duplicate. This one... I guess it's still pending. Note that in the meantime we've updated to 1.6.3, which includes a different implementation, and ATM I'm not sure what to expect if you manage to install both at once (though I suspect the first one which loads will be used, since as far as libkrb5 is concerned they're equivalent).
I should also note that the SCM for the package has moved to:
Thanks for responding! When you say "updated to 1.6.3" above I'm guessing you mean MIT Kerberos 1.6.3. Does its inclusion of pkinit functionality imply that this package isn't needed any longer? Or would you still like to have it in the distro?
If the latter, I'll be happy to take a look although my kerberos knowledge isn't advanced enough to understand the pkinit stuff. All I really need is a link to a current src.rpm and spec file. I'll update this so that it looks less like a merge review and hopefully won't get lost again.
(In reply to comment #5)
> Thanks for responding! When you say "updated to 1.6.3" above I'm guessing you
> mean MIT Kerberos 1.6.3.
> Does its inclusion of pkinit functionality imply that
> this package isn't needed any longer? Or would you still like to have it in
> the distro?
Its main goal was to be ready in time for the EL5 release, as the upstream 1.6.3 release and module it includes weren't available yet. Going forward, I'd rather reuse more of the upstream module and integrate NSS at its internal crypto abstraction points. Beyond curiosity and compatibility with EL5 (I'm hoping to have the time to get the other work done in the F11/F12 timeframe, and switch to that), there's not much to be gained by moving this particular module forward any more.
Thanks for following up on this.
No problem. I guess I'll go ahead and close this. Sorry it got lost in the noise originally.
If you do change your mind, just reopen or go ahead and open a new review ticket and I'll try to take a look.