Bug 81836 - telnetd, ftpd, etc. shouldn't be in krb-workstation
Summary: telnetd, ftpd, etc. shouldn't be in krb-workstation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: krb5
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-01-14 16:10 UTC by Matthew Miller
Modified: 2008-02-25 21:00 UTC (History)
3 users (show)

Fixed In Version: 1.6.1
Clone Of:
Environment:
Last Closed: 2008-02-25 21:00:11 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
specfile with seperate -daemons subpackage (45.87 KB, text/plain)
2006-08-10 21:14 UTC, Hans de Goede
no flags Details

Description Matthew Miller 2003-01-14 16:10:46 UTC
Currently, there are several daemon programs in the krb5-workstation subpackage.
This doesn't seem right -- instead, there should be a krb5-daemons subpackage
for these.

Comment 1 Bill Nottingham 2003-01-15 07:20:03 UTC
Or taken out entirely. But that's a longer-term deal. ;)

Comment 2 Matthew Miller 2003-01-15 14:24:16 UTC
Agreed. :)

Comment 3 Matthew Miller 2004-04-16 14:15:34 UTC
moving to Fedora Core so this doesn't get lost.

Comment 4 Matthew Miller 2004-07-15 18:01:49 UTC
Is FC3 a good time to do this? (I think so!)

Comment 5 Alexander Boström 2004-11-23 21:49:23 UTC
Yes, /usr/kerberos/sbin/* and the corresponding docs should be in a separate
package.

I don't think the daemons should removed completely though. It is quite
reasonable to run a kerberos telnetd and rshd on every workstation.

OpenSSH is only an alternative if the GSSAPI support works. Maybe it does.

Are the MIT Kerberos daemons "unmaintained or poorly designed software"? (I
wouldn't know, I use Heimdal.) If they are then perhaps a GSSAPI-capable sshd is
better maintained or designed, but if not then let them stay.


Comment 6 Matthew Miller 2005-02-28 19:21:51 UTC
Think we can get this for FC4?

Comment 7 Matthew Miller 2006-04-14 03:27:37 UTC
Think we can get this for FC6? :)

Comment 8 Hans de Goede 2006-08-10 14:46:52 UTC
Would it help if a modified spec-file and / or .spec patch would be attached to
this bug. Ifso which one is preferred?

Comment 9 Nalin Dahyabhai 2006-08-10 19:32:15 UTC
A .spec file (so long as it's relative to something recent) would be fine.

Comment 10 Matthew Miller 2006-08-10 19:38:27 UTC
I'm leaving for the remote reaches of Alberta for a week, so if Hans wants to do
it, that'd rock.

Comment 11 Hans de Goede 2006-08-10 19:43:20 UTC
I don't mind doing it, but I'll doing it kinda blindfolded since I'm not a
kerberos user, let alone know anything about it. If I understand correctly then
all the files under /usr/kerberos/sbin, under /etc/xinet.d, the related
scriptlets and related docs should be moved to a -daemons sub-package, correct?


Comment 12 Hans de Goede 2006-08-10 19:47:51 UTC
Hmm,

I see some files (sclient, sserver, /etc/profile.d/krb5.[c]sh ) are included in
multiple sub packages, I though that was concidered bad packaging?

I'll dig a bit deeper into this huge specfile and try to seperate all the daemon
stuff into a seperate package.


Comment 13 Matthew Miller 2006-08-10 19:56:08 UTC
Some of the things in sbin aren't daemons. Oh such fun. It may make sense to put
some of them in "krb5-admin". (Like, say, kadmin.)

Comment 14 Hans de Goede 2006-08-10 20:00:09 UTC
Yes I already noticed that, I guess I'll leave them in -workstation for now.


Comment 15 Hans de Goede 2006-08-10 20:53:18 UTC
Some further observations:
* The man page for krb5.conf is in -workstation, while the actual file is in
 -libs, I believe the manpage should move to -libs
* %{krb5prefix}/man is listed twice in the %files workstation file list, once
  as %docdir and once more as %dir

I'll leave all these as is and I am purely concentrating on making a -daemons
subpackage.


Comment 16 Hans de Goede 2006-08-10 21:14:30 UTC
Created attachment 133994 [details]
specfile with seperate -daemons subpackage

Okay,

This should basicly be it. The changes are pretty minimal. Its based on the
latest development SRPM. Notice that I didn't bump the release, nor add a
changelog entry!

Comment 17 Alexander Boström 2006-11-17 10:33:53 UTC
> OpenSSH is only an alternative if the GSSAPI support works. Maybe it does.

see bug #187211

But a -daemons is good in any case, of course!


Comment 18 Nalin Dahyabhai 2007-01-23 15:06:49 UTC
I'm planning to pull in these changes in for the 1.6 packages.

Quick question: any objections to renaming -daemons to -workstation-daemons to
try to cut down on confusion between it and -server?  In a more perfect world, I
think we'd rename -server to -kdc, too, but that could get messy.

Comment 19 Matthew Miller 2007-01-23 15:20:48 UTC
> Quick question: any objections to renaming -daemons to -workstation-daemons to
> try to cut down on confusion between it and -server?  In a more perfect world,
> I think we'd rename -server to -kdc, too, but that could get messy.

I'm not opposed in principle, but I'm not sure -workstations- is the right
middle part -- it makes me think of some sort of not-network-accessible local
service daemons.



Comment 20 Nalin Dahyabhai 2007-01-23 20:10:37 UTC
Hmm, good point.  It's been suggested that -legacy-servers (and a corresponding
-legacy-clients) might be a cleaner way to handle this -- the FTP, telnet, rsh
and rlogin clients would be moved there.  Comments?

Comment 21 Hans de Goede 2007-01-24 07:28:49 UTC
I do not have much opinion on this, so do whatever you think is best.


Comment 22 Nalin Dahyabhai 2008-02-25 21:00:11 UTC
Hmm, no loud complaints about how it looked in F-8 at release-time (crossing
fingers), so marking closed in the current release.


Note You need to log in before you can comment on or make changes to this bug.