Bug 81836 - telnetd, ftpd, etc. shouldn't be in krb-workstation
telnetd, ftpd, etc. shouldn't be in krb-workstation
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: krb5 (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-01-14 11:10 EST by Matthew Miller
Modified: 2008-02-25 16:00 EST (History)
3 users (show)

See Also:
Fixed In Version: 1.6.1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-25 16:00:11 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
specfile with seperate -daemons subpackage (45.87 KB, text/plain)
2006-08-10 17:14 EDT, Hans de Goede
no flags Details

  None (edit)
Description Matthew Miller 2003-01-14 11:10:46 EST
Currently, there are several daemon programs in the krb5-workstation subpackage.
This doesn't seem right -- instead, there should be a krb5-daemons subpackage
for these.
Comment 1 Bill Nottingham 2003-01-15 02:20:03 EST
Or taken out entirely. But that's a longer-term deal. ;)
Comment 2 Matthew Miller 2003-01-15 09:24:16 EST
Agreed. :)
Comment 3 Matthew Miller 2004-04-16 10:15:34 EDT
moving to Fedora Core so this doesn't get lost.
Comment 4 Matthew Miller 2004-07-15 14:01:49 EDT
Is FC3 a good time to do this? (I think so!)
Comment 5 Alexander Boström 2004-11-23 16:49:23 EST
Yes, /usr/kerberos/sbin/* and the corresponding docs should be in a separate
package.

I don't think the daemons should removed completely though. It is quite
reasonable to run a kerberos telnetd and rshd on every workstation.

OpenSSH is only an alternative if the GSSAPI support works. Maybe it does.

Are the MIT Kerberos daemons "unmaintained or poorly designed software"? (I
wouldn't know, I use Heimdal.) If they are then perhaps a GSSAPI-capable sshd is
better maintained or designed, but if not then let them stay.
Comment 6 Matthew Miller 2005-02-28 14:21:51 EST
Think we can get this for FC4?
Comment 7 Matthew Miller 2006-04-13 23:27:37 EDT
Think we can get this for FC6? :)
Comment 8 Hans de Goede 2006-08-10 10:46:52 EDT
Would it help if a modified spec-file and / or .spec patch would be attached to
this bug. Ifso which one is preferred?
Comment 9 Nalin Dahyabhai 2006-08-10 15:32:15 EDT
A .spec file (so long as it's relative to something recent) would be fine.
Comment 10 Matthew Miller 2006-08-10 15:38:27 EDT
I'm leaving for the remote reaches of Alberta for a week, so if Hans wants to do
it, that'd rock.
Comment 11 Hans de Goede 2006-08-10 15:43:20 EDT
I don't mind doing it, but I'll doing it kinda blindfolded since I'm not a
kerberos user, let alone know anything about it. If I understand correctly then
all the files under /usr/kerberos/sbin, under /etc/xinet.d, the related
scriptlets and related docs should be moved to a -daemons sub-package, correct?
Comment 12 Hans de Goede 2006-08-10 15:47:51 EDT
Hmm,

I see some files (sclient, sserver, /etc/profile.d/krb5.[c]sh ) are included in
multiple sub packages, I though that was concidered bad packaging?

I'll dig a bit deeper into this huge specfile and try to seperate all the daemon
stuff into a seperate package.
Comment 13 Matthew Miller 2006-08-10 15:56:08 EDT
Some of the things in sbin aren't daemons. Oh such fun. It may make sense to put
some of them in "krb5-admin". (Like, say, kadmin.)
Comment 14 Hans de Goede 2006-08-10 16:00:09 EDT
Yes I already noticed that, I guess I'll leave them in -workstation for now.
Comment 15 Hans de Goede 2006-08-10 16:53:18 EDT
Some further observations:
* The man page for krb5.conf is in -workstation, while the actual file is in
 -libs, I believe the manpage should move to -libs
* %{krb5prefix}/man is listed twice in the %files workstation file list, once
  as %docdir and once more as %dir

I'll leave all these as is and I am purely concentrating on making a -daemons
subpackage.
Comment 16 Hans de Goede 2006-08-10 17:14:30 EDT
Created attachment 133994 [details]
specfile with seperate -daemons subpackage

Okay,

This should basicly be it. The changes are pretty minimal. Its based on the
latest development SRPM. Notice that I didn't bump the release, nor add a
changelog entry!
Comment 17 Alexander Boström 2006-11-17 05:33:53 EST
> OpenSSH is only an alternative if the GSSAPI support works. Maybe it does.

see bug #187211

But a -daemons is good in any case, of course!
Comment 18 Nalin Dahyabhai 2007-01-23 10:06:49 EST
I'm planning to pull in these changes in for the 1.6 packages.

Quick question: any objections to renaming -daemons to -workstation-daemons to
try to cut down on confusion between it and -server?  In a more perfect world, I
think we'd rename -server to -kdc, too, but that could get messy.
Comment 19 Matthew Miller 2007-01-23 10:20:48 EST
> Quick question: any objections to renaming -daemons to -workstation-daemons to
> try to cut down on confusion between it and -server?  In a more perfect world,
> I think we'd rename -server to -kdc, too, but that could get messy.

I'm not opposed in principle, but I'm not sure -workstations- is the right
middle part -- it makes me think of some sort of not-network-accessible local
service daemons.

Comment 20 Nalin Dahyabhai 2007-01-23 15:10:37 EST
Hmm, good point.  It's been suggested that -legacy-servers (and a corresponding
-legacy-clients) might be a cleaner way to handle this -- the FTP, telnet, rsh
and rlogin clients would be moved there.  Comments?
Comment 21 Hans de Goede 2007-01-24 02:28:49 EST
I do not have much opinion on this, so do whatever you think is best.
Comment 22 Nalin Dahyabhai 2008-02-25 16:00:11 EST
Hmm, no loud complaints about how it looked in F-8 at release-time (crossing
fingers), so marking closed in the current release.

Note You need to log in before you can comment on or make changes to this bug.