[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: kpasswd

To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Subject: Re: kpasswd
From: Paul M Fleming <pfleming@siumed.edu>
Date: Wed, 15 Oct 2003 16:29:00 -0500
Cc: Allan E Johannesen <aej@WPI.EDU>, openldap-software@OpenLDAP.org
Organization: SIUMED Information Resources
References: <16269.26786.281969.119549@ccc3.WPI.EDU> <6.0.0.22.0.20031015112738.02be5540@127.0.0.1>

What specifically is broken? Do you have a list of ITSs? We currently
use this code but I believe the same functionality can also be achieved
by using SASL/saslauthd and {SASL} or am I mistaken? If I can't get the
same functionality with SASL I may have to look at the code myself. 



"Kurt D. Zeilenga" wrote:
> 
> At 08:32 AM 10/15/2003, Allan E Johannesen wrote:
> >It appears that the --enable-kpasswd option is gone from openldap 2.1.23
> 
> Use
>         env ol_enable_kpasswd=yes ./configure
> instead.
> 
> That is, the feature (as broken as it is) still remains.
> 
> >I recall some discussion about the {kerberos} option in the user password, but
> >I thought that the concensus was that people were using this didn't want it to
> >be discontinued.
> 
> The code was disabled not because too feature wanted support for it
> to be continued, but because too few people stood up and supported
> the code.  That is, the code is broken and nobody seems willing to
> fix it.
> 
> The project long standing approach to broken code is to phase it
> out.  Disabling configure options is one of the first phases in
> this process.  It's generally followed by moving the broken code
> to the Attic.
> 
> If just one person using this code were to start to maintaining it,
> the process would likely be halted and maybe even reversed.
> 
> >I guess I was wrong and the decision was made to remove it.
> 
> A policy was established long ago that broken code is to be
> phased out.  This code has been considered broken for quite
> some time (as evident by the many ITSs).  The lack of action
> by those wanting this feature to be supported to resolve
> outstanding issues lead to my recent action to start the
> phasing out the code.
> 
> >It didn't seem to warrant a line in the release notes.
> 
> Yes.
> 
> >Is that gone for good?  Is it a mistake in the release?
> 
> See above.  No.
> 
> >What should people do for id/password authentication from now on?
> 
> I wouldn't suggest you use Kerberos for username/password
> authentication.

Follow-Ups:
- Re: kpasswd
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: kpasswd
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- kpasswd
  - From: Allan E Johannesen <aej@WPI.EDU>
- Re: kpasswd
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: RE: I think there's a bug with p->sasl_maxbuf in cyrus.c
Next by Date: Re: LDAP backend for Heimdal Kerberos
Index(es):
- Chronological
- Thread