Subject: Re: krb5 integration proposal
To: Julian Assange <proff@iq.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 07/24/1999 18:27:13
On Sun, Jul 25, 1999 at 06:02:38AM +1000, Julian Assange wrote:
> Aidan Cully <aidan@kublai.com> writes:
> 
> > I'm assuming kerberos5 is something we want in the tree.  If it isn't,
> > then it isn't.
> > 
> > This is less a completely hashed out proposal than a list of steps that I'm
> > planning to take to get krb5 integrated..  The descriptions of the steps
> > should give a pretty good indication of what the finished product should
> > look like, though..  If you've got questions about this, please ask.
> > 
> > I believe I can have krb5 in the tree, and working decently by 7/14.
> > 
> > --aidan
> 
> It is, but given that most of the world will feel that they are unable to
> use it, I wonder what the point is.
> 
> kth's very full featured exportable krb4 replacement is available from:
> 
> <http://www.pdc.kth.se/kth-krb>

"You live in a glass house."

I deliberately chose KTH's Kerberos for integration into NetBSD, and kept
careful logs of all structural (e.g. non-cryptographic, exportable) changes
I made during integration, *so that someone outside the United States could
duplicate my work*.

In the three? four? years since then four different people have said that
they would do the work, and then failed to do so.  This certainly 
diminishes *my* interest in holding up NetBSD's cryptographic development
so that it can be done by those outside the United States instead.

Besides, krb4 is obsolete and dangerous.  At such time as both MIT and
Heimdal krb5's APIs stabilize sufficiently to permit it, there's postively
*no* reason you can't replicate Aidan's work in cryptosrc-intl, and I
encourage you to do so.  Now, for the time being, please get out of his
way and let him get some work done.

Thor