[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd



What specifically is broken? Do you have a list of ITSs? We currently
use this code but I believe the same functionality can also be achieved
by using SASL/saslauthd and {SASL} or am I mistaken? If I can't get the
same functionality with SASL I may have to look at the code myself. 



"Kurt D. Zeilenga" wrote:
> 
> At 08:32 AM 10/15/2003, Allan E Johannesen wrote:
> >It appears that the --enable-kpasswd option is gone from openldap 2.1.23
> 
> Use
>         env ol_enable_kpasswd=yes ./configure
> instead.
> 
> That is, the feature (as broken as it is) still remains.
> 
> >I recall some discussion about the {kerberos} option in the user password, but
> >I thought that the concensus was that people were using this didn't want it to
> >be discontinued.
> 
> The code was disabled not because too feature wanted support for it
> to be continued, but because too few people stood up and supported
> the code.  That is, the code is broken and nobody seems willing to
> fix it.
> 
> The project long standing approach to broken code is to phase it
> out.  Disabling configure options is one of the first phases in
> this process.  It's generally followed by moving the broken code
> to the Attic.
> 
> If just one person using this code were to start to maintaining it,
> the process would likely be halted and maybe even reversed.
> 
> >I guess I was wrong and the decision was made to remove it.
> 
> A policy was established long ago that broken code is to be
> phased out.  This code has been considered broken for quite
> some time (as evident by the many ITSs).  The lack of action
> by those wanting this feature to be supported to resolve
> outstanding issues lead to my recent action to start the
> phasing out the code.
> 
> >It didn't seem to warrant a line in the release notes.
> 
> Yes.
> 
> >Is that gone for good?  Is it a mistake in the release?
> 
> See above.  No.
> 
> >What should people do for id/password authentication from now on?
> 
> I wouldn't suggest you use Kerberos for username/password
> authentication.