Ticket #577 (closed task: fixed)
FHS exception for Heimdal
|Reported by:||ktdreyer||Owned by:|
|Cc:||ktdreyer, orion||Blocked By:|
FESCo provides a FHS exception for Heimdal, an alternative Kerberos implementation. Review request is at https://bugzilla.redhat.com/613001
Heimdal provides an alternative Kerberos implementation to MIT Kerberos, the default in Fedora. I'm probably doing an injustice here, but my poor-man's summary of the differences between the two is that MIT's implementation is stable while Heimdal contains more features.
Beyond the new features etc, one reason for including Heimdal in Fedora is that Samba4 is currently bundling a Heimdal fork. The Samba team has been working with the Heimdal community and abartlet indicates that Samba could probably use this package instead of bundling.
MIT's Kerberos binaries, manpages, and development files share identical names to MIT.
The binaries themselves have differing command-line options. The library APIs are different. The client-to-server wire protocol is the same (RFC 4120), but the administrative tool (kadmin) is incompatible between a MIT client and Heimdal server.
The three solutions we've identified are
- Install to /usr/heimdal. This will require an exception from FESCo.
- Rename the Heimdal files to not conflict with MIT. Eg.
"/usr/bin/kinit.heimdal", "kadmin.heimdal", etc. Use alternatives to switch between the two Kerberos implementations.
- Use Conflicts: with the appropriate MIT packages. You have to choose to
install one or the other.
With this FESCo ticket, I'm asking for #1.
This proposal is that FESCo grant Heimdal an FHS exception to install into a directory such as /usr/heimdal.
The "krb5-workstation" package in Fedora is the MIT implementation. The review bug for Heimdal is https://bugzilla.redhat.com/613001 . The review bug contains background, a list of conflicting files in Heimdal, and some discussion on the pros and cons of using alternatives or Conflicts: to remedy this.
- Resolution fixed deleted
- Status changed from closed to reopened