Red Hat Bugzilla – Bug 81836
telnetd, ftpd, etc. shouldn't be in krb-workstation
Last modified: 2008-02-25 16:00:11 EST
Currently, there are several daemon programs in the krb5-workstation subpackage. This doesn't seem right -- instead, there should be a krb5-daemons subpackage for these.
Or taken out entirely. But that's a longer-term deal. ;)
Agreed. :)
moving to Fedora Core so this doesn't get lost.
Is FC3 a good time to do this? (I think so!)
Yes, /usr/kerberos/sbin/* and the corresponding docs should be in a separate package. I don't think the daemons should removed completely though. It is quite reasonable to run a kerberos telnetd and rshd on every workstation. OpenSSH is only an alternative if the GSSAPI support works. Maybe it does. Are the MIT Kerberos daemons "unmaintained or poorly designed software"? (I wouldn't know, I use Heimdal.) If they are then perhaps a GSSAPI-capable sshd is better maintained or designed, but if not then let them stay.
Think we can get this for FC4?
Think we can get this for FC6? :)
Would it help if a modified spec-file and / or .spec patch would be attached to this bug. Ifso which one is preferred?
A .spec file (so long as it's relative to something recent) would be fine.
I'm leaving for the remote reaches of Alberta for a week, so if Hans wants to do it, that'd rock.
I don't mind doing it, but I'll doing it kinda blindfolded since I'm not a kerberos user, let alone know anything about it. If I understand correctly then all the files under /usr/kerberos/sbin, under /etc/xinet.d, the related scriptlets and related docs should be moved to a -daemons sub-package, correct?
Hmm, I see some files (sclient, sserver, /etc/profile.d/krb5.[c]sh ) are included in multiple sub packages, I though that was concidered bad packaging? I'll dig a bit deeper into this huge specfile and try to seperate all the daemon stuff into a seperate package.
Some of the things in sbin aren't daemons. Oh such fun. It may make sense to put some of them in "krb5-admin". (Like, say, kadmin.)
Yes I already noticed that, I guess I'll leave them in -workstation for now.
Some further observations: * The man page for krb5.conf is in -workstation, while the actual file is in -libs, I believe the manpage should move to -libs * %{krb5prefix}/man is listed twice in the %files workstation file list, once as %docdir and once more as %dir I'll leave all these as is and I am purely concentrating on making a -daemons subpackage.
Created attachment 133994 [details] specfile with seperate -daemons subpackage Okay, This should basicly be it. The changes are pretty minimal. Its based on the latest development SRPM. Notice that I didn't bump the release, nor add a changelog entry!
> OpenSSH is only an alternative if the GSSAPI support works. Maybe it does. see bug #187211 But a -daemons is good in any case, of course!
I'm planning to pull in these changes in for the 1.6 packages. Quick question: any objections to renaming -daemons to -workstation-daemons to try to cut down on confusion between it and -server? In a more perfect world, I think we'd rename -server to -kdc, too, but that could get messy.
> Quick question: any objections to renaming -daemons to -workstation-daemons to > try to cut down on confusion between it and -server? In a more perfect world, > I think we'd rename -server to -kdc, too, but that could get messy. I'm not opposed in principle, but I'm not sure -workstations- is the right middle part -- it makes me think of some sort of not-network-accessible local service daemons.
Hmm, good point. It's been suggested that -legacy-servers (and a corresponding -legacy-clients) might be a cleaner way to handle this -- the FTP, telnet, rsh and rlogin clients would be moved there. Comments?
I do not have much opinion on this, so do whatever you think is best.
Hmm, no loud complaints about how it looked in F-8 at release-time (crossing fingers), so marking closed in the current release.